Job Description:
Work hours: 3 PM – 12 PM IST
Job Responsibilities:
- Conduct Static Application Security Testing (SAST) using Fortify to identify vulnerabilities within codebases.
- Perform Dynamic Application Security Testing (DAST) using Black Duck to detect security issues in running applications.
- Collaborate with development teams and the DevOps team to ensure secure coding practices are implemented effectively.
- Collaborate with the DevOps team to ensure the SAST hooks are plugged into the CI/CD pipelines.
- Develop and execute comprehensive security test plans and methodologies.
- Analyze test results to provide actionable insights and recommendations to improve application security.
- Monitor and assess emerging threats and vulnerabilities relevant to applications and systems under test.
- Create and maintain documentation on testing processes, findings, and remediation strategies.
Required Skills:
- Proficient in using Fortify for SAST and Black Duck for DAST.
- Strong understanding of secure software development lifecycle (SDLC) practices.
- Knowledge of common vulnerability types, such as OWASP Top Ten and CWE.
- Hands-on experience with coding languages such as Java, Python, or C#.
- Familiarity with CI/CD pipelines and integrating security testing tools within DevOps workflows.
- Strong analytical and problem-solving skills with attention to detail.
Nice-to-Have Skills:
- Certifications such as CISSP, CEH, or CSSLP.
- Experience with other security tools like SonarQube, Burp Suite, or Nessus.
- Understanding of cloud security principles and practices.
- Knowledge of containerized applications and tools such as Docker and Kubernetes.
- Background in threat modeling and risk assessment methodologies.
- Proficiency in scripting languages (e.g., PowerShell, Bash).
Send your resume to: India-careers@vertisystem.com