Roles and Responsibilities

Job Description:
The Secure Code Review service is part of the Security Testing Services Team. It is a part of the Application Security testing service and is the process of identifying, documenting, and consulting on specific Application Security threats and vulnerabilities, associated likelihood and impact, and mitigating controls. Results of the assessment are documented in a report which consists of a security plan and a list of vulnerabilities. Secure Code Review is a process to identify and assess risks present in applications using a hybrid static analysis methodology.

Job Profile Details:
• The candidate is expected to execute/lead primarily Secure Code Review projects.
• The candidate is expected to execute/lead Application Security and Penetration Testing projects as well as business demands.
• The candidate will be expected to gain in-depth knowledge and understanding of computer applications, including various languages (e.g. Java, ASP, .NET, C++, C#, etc.).
• The candidate will be involved in application architecture understanding, threat identification, vulnerability identification and control analysis.
• The candidate will be expected to do likelihood determination, impact analysis and risk determination.
• The job would require prioritizing risk responses, including solution recommendation and documentation.
• The candidate will be required to demonstrate strong communication (verbal and written) and problem-solving capabilities.
• The selected individual will be expected to successfully comprehend large, complex applications written by others from reading code and application design.
• May have to handle multiple complex assignments simultaneously.
• Engage with both business people and technical people within and outside the organization from project scope definition, project execution, and project closure perspectives.
• Communicate complex subjects in easy-to-understand terms and stay current with emerging technologies and industry trends.
• Additional knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications.
• The candidate should be able to successfully lead and execute projects, and mentor and train junior resources with a focus on enhancing their skillsets.
• The candidate should be open for onsite deployments as business demands.

Skills required:
• 4+ years of Secure Code Review experience
• Experience with web-based application development
• 3 years combined experience with J2EE (servlet/JSP) and/or .NET (C#/VB.Net and ASP.NET)
• Knowledge of Design Patterns
• Experience with relational databases from an application development perspective
• Ability to handle difficult situations and to provide alternative solutions or workarounds
• Flexible and creative in helping to find acceptable solutions
• Experience in training and mentoring others
• Good communication and writing skills with the ability to talk to both business people and technical people

Preferred Skills:
• Framework experience (Struts, Spring)
• Understanding of AJAX and web services
• Knowledge of application security vulnerabilities such as the OWASP Top 10
• Experience in Application Security Audits will be a plus
• Software Maintenance Experience
• Security certification
• Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.)
• Basic understanding of the following protocols/technologies:
  o SSL/TLS
  o Cryptography (symmetric and asymmetric encryption, PKI, etc.)
• Ability to work on multiple complex assignments simultaneously
• Ability to work alone or in groups
Salary: Not Disclosed by Recruiter
Functional Area: IT Software - Other
Role Category: Programming & Design
UG: Graduation Not Required
Paladion Networks Pvt Ltd
Paladion is a robust managed security service provider, with over a decade of experience, trusted by organizations from around the globe from Asia to the US to EMEA.