Lead Application Security Engineer

  • SaaS Operations
  • Hyderabad, India

Job description

About Us

OpsRamp enables IT to control the chaos of managing their hybrid IT operations and act as a service provider back to the business. Built in the cloud, the OpsRamp service-centric AIOps platform drives total visibility across hybrid infrastructures, offers complete multi-cloud infrastructure monitoring and management of business-critical services, and optimizes services through automation and integration with ITSM and DevOps tools.

Requirements

Experience Required: 8-12 years

• Strong knowledge of the OWASP Top 10, SANS Top 25, and WASC security standards, and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, insecure direct object references, clickjacking, buffer overflows, etc.

• Experience in manual application penetration testing of web-based applications, thick-client applications, mobile applications, web services, APIs, DAST, SAST etc. 

• Should have performed manual mobile application penetration testing on platforms like Android, iOS, etc., covering both client and server-side applications.

• Should have knowledge of risk rating standards like DREAD, CVSS, etc.

• Should have a good understanding of web application architecture and the secure development life cycle (SDLC), and 2+ years of experience in Java web application development.

• Experience with automated web application vulnerability scanners (e.g., AppScan, WebInspect, Acunetix, Burp Suite Pro, etc.) is desirable.

• Should have prepared audit reports and findings tracker sheets for applications.

• Should be used to researching the latest security best practices, reading up on new threats and vulnerabilities, and disseminating this information within the team as well as the organization.

• Perform black-box / grey-box external network VA/PT assessments following structured phases.

• SOC2 Type 2, ISO27001, PCI-DSS.

• Experience in security automation and security review in cloud infrastructure (AWS, Azure).

• Certification: OSCP (preferred), OSWE (preferred), CEH, Security+, CCNA Security, etc.