Qualifications

Academic Qualification: Engineering/ IT Graduate; MCA; MS IT; MSc IT; Graduate degree in Information security.
Professional Certification: One or more of following certification is desirable- CEH; OSCP; OSCE; CSSLP; CISSP; CISA, CISM; SANS

Experience & Key Skills/ Competency

• Practical experience in manual & automated grey box application security assessment

• Practical experience in mobile application (android / iOS) security assessment

• Exposure to API security testing

• Experience in using application security assessment tools/platforms such as Burp Suite, Paros, Samurai WTF, Kali Linux, Charles, Metasploit.

• Understanding of the OWASP Top 10 application security risks.

• Knowledge of networking concepts like TCP/IP, UDP, HTTP, TLS, SSH, DNS, firewalls, etc.

• Experience of drafting web application security assessment report.

• Excellent problem solving and analytical skills; outstanding oral and written communication skills.

• Practical experience with Static and Dynamic Application Security Test (SAST/ DAST) solutions e.g. Fortify, Veracode, Checkmarx is desirable.

• Candidate with software programming background with language and tools such as Java/JavaScript; JSP; Python; PHP; ASP.Net HTML/CSS is desirable.

• Experience in conducting network penetration testing & system vulnerability assessment using VA tools (e.g. Nessus, Nexpose etc.) and VA checklist is desirable