Futran Tech Solutions Pvt. Ltd.
Application security
Futran Tech Solutions Pvt. Ltd., Raleigh, North Carolina, 27601
Application Security
Location: Raleigh, NC

Fortify tools:
Mandatory Skills: Fortify (DAST (WebInspect), SAST (SCA), SSC, API), Azure DevOps

Primary Skills:
1. Expert in Static Application Security Scan/Analysis (source code review) (SAST), Software Composition Analysis (SCA) & Dynamic Application Security Scan/Analysis (DAST)
2. Good knowledge of Application Threat Modelling, RASP, IAST
3. Good hands-on experience with AppCheck, Veracode and Fossa
4. Vulnerability Assessment and Penetration Testing (VAPT), Fuzz Testing at application infrastructure level
5. Experience of building Security Gates / threshold levels for build pass/fail
6. API Security, Container Security implementation / good knowledge
7. Information Systems/Network Security experience
8. Demonstrated experience leading Security Design Reviews and/or Architecture Risk Analysis
9. Expertise in OWASP & good knowledge of NIST, SANS, PCI, ISO 27001
10. Mobile Application Security testing
11. Proficient with manual and automated scanner approaches
12. Sound knowledge of DevOps environment
13. Implemented DevSecOps (Secure CI/CD integration)
14. Integration, management, and configuration of DevSecOps tools
15. Preparing security advisories and defining the severity levels for the vulnerabilities
16. Scanning, validation and reporting of vulnerabilities on a daily and monthly basis
17. Preparing monthly security reports for the management

Certifications:
• Requirement: Certified Ethical Hacker (CEH), Bachelor's / Master's in Computer Science / IT-Cyber Security
• Desirable: OSCP, CISSP

Other requirements:
• Good communication skills
• Managing projects and schedules.
• Mentoring application security testers, providing guidance in testing techniques, and assisting in the development of exploits for complex vulnerabilities.
• Improving testing techniques and methodology via original research, custom tool development, defining new testing standards, and aligning testing procedures with various industry standards (OWASP Top 10, OWASP ASVS, etc.).