Responsibilities:
- Perform white-box and black-box security scans, as well as system and application platform hardening.
- Develop scripts to automate system hardening and security vulnerability assessments.
- Maintain and enhance security test suites in QA builds.
- Optimize system performance and reliability to improve user experience.
- Conduct code reviews to ensure code quality and security compliance.
- Collaborate with Software Quality Engineers for system integration testing and defect life cycle management.
- Improve testing processes, tools, and methodologies in partnership with Software Quality Engineers.
- Take on secondary roles such as Application Performance Engineer or Software Quality Engineer when required.
- Work with cross-functional teams to integrate and enhance security in the development pipeline.
Experience and Skills Required:
- Minimum of 2 years of experience in application security vulnerability assessment, analysis, and remediation.
- Exposure to agile development environments is advantageous.
- Familiarity with CI/CD tools such as GitLab or equivalents is a plus.
- Experience with public cloud platforms (AWS, Azure, Google Cloud) is an added advantage.
- Proficiency with security tools like OWASP ZAP, Burp Suite, sqlmap, Nessus, Nmap, Fortify WebInspect, or equivalents is preferred.
- Familiarity with tools like Checkmarx, or with Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST) tooling, is highly desirable.
- Possession of certifications such as CSSLP, CEH, CISSP, OSCP, GPEN, GWAPT, or CREST Registered Penetration Tester (CRT) is advantageous.
- Degree or Diploma in Computer Science, Computer/Electronics Engineering, Information Technology, or related disciplines.
Certifications That Add Value:
- Security certifications like CSSLP, CEH, CISSP, OSCP, GPEN, GWAPT, or CREST Registered Penetration Tester (CRT).
- Certifications in risk management or application security testing, such as GIAC Web Application Penetration Tester (GWAPT) or equivalents.