Application Security Tester

KUALITATEM PVT LTD

Kualitatem is an Independent Software Auditing, IS Auditing, Security and Risk Assessment Company providing consulting services to a global clientele.

JOB TITLE 

Application Security Tester

JOB DESCRIPTION

• Experience with Source Code Audit and Dynamic Security Testing
• Have understanding of DevOps concepts
• Good to have experience of deploying and using security solutions such as IBM App Scan, MicroFocus.
• Penetration Testing experience and understanding of
• Perform application and infrastructure Cyber Security Assessments, as well as physical security review and social engineering tests for our global clients
• Review and define requirements for information security products implementation.
• Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
• Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets

Sr.

Dimension

Task

1

Security Product Implementation

IBM, McAfee, MicroFocus, Symantec, Kaspersky security product implementations

2

Penetration Testing (Good to have)

Have understanding of tools and technologies for performing Penetration Testing.

KEY RESPONSIBILITIES

1 – Business Understanding

• Increase knowledge base regarding technical products.
• Span includes (and not limited) to security assessments and products.   

2 – Technical products learning

• Self-learning ability to learn new products of same portfolio.
• Should be convenient with scripts, tools and web searches.
• Can train his peers on new technologies. 

3 – Research and programming

• Willing to do programming tweaks. Should not be language dependent.
• Adaptive learning is a MUST to have ability.
• Ability to do search solutions independently.
• 60 % scenarios demand programming skills.  

4 – Training & Development

• Identify key skills, specialty skills and propose training needs accordingly.
• Learn new tools and technologies and provide training to peers on the tools.
• Managing, communicating and delivering important technical product projects that impact Information security department of the organization.

KEY PERFORMANCE INDICATORS

• Maintain and Cover the technical processes and documentation diligently and on time
• Understand the importance of client relationship environment.
• Establish and maintain a strong and progressive work culture within the department.
• Willing to learn new technologies.
• Proactively handle issues and concerns during onsite deployments.

KEY SKILLS

SPECIALIZATION

• Good to have CEH, CISSP, OSCP or any security vendor certification would be preferred.
• Any certification in the LA ISO27001, ISO 27005, ISO 27701 and experience within the field.
• Security Products experience would be preferred.
• Good understanding of network protocols, design and operations
• Ability to architect and drive change
• Ability to lead in a global environment
• A flexible team player with a proven ability to work successfully in a matrix-reporting environment
• Be able to conduct Risk Assessment & Reviews based on ISO27000 standards with additional exposure to multiple standards an added plus

TECHNICAL

• Sound knowledge of Information Security and penetration testing concepts
• Familiarity with IP network architecture technology and protocols, Windows and Linux operating systems, routing, web technologies and protocols, firewall configuration and rule maintenance, common programming and scripting languages, SQL databases and queries, and OWASP
• Understanding of latest technology stacks.
• Exposure to various info sec tools

GENERAL

• Must have a college education with an under graduate or post graduate degree.
• Excellent written and verbal communication skills to present and interact with different stakeholders in global settings
• Excellent analytical and problem-solving skills
• Self-motivated, having a passion for learning
• Be able to train other resources.
• Willingness to travel
• Willingness to learn

Career Level

Experience

Reporting

Department

Senior Information Security Engineer

6 + Years

Head of Department

Compliance and security