• Application security test analyst Jobs in Bulgaria - 25312736

  • LUXOFT
  • Bulgaria
  • Save Job
  • 2 - 5 Years
  • Posted : above 1 month

Job Description:

Project Description The Office of Information Security (OIS) ensures that security efforts throughout the company are coordinated and aligned with the companys business and IT strategy This Office delineates the Companys information security plans and ensures, in coordination with the Information Security Council, that resources and all implementation of plans, procedures, and standards are reviewed, supported, and deployed in the most effective and efficient manner and are consistent with overall risk management The Companys office of Information Security needs a suitable resource to support the Certification & Accreditation functions The Analyst will be required to work with the Certification and Accreditation (C&A) team and will have responsibilities for specific individual tasks, while working as an integral part of the team in executing OISs work program S/he will have to review the security architecture evaluation of corporates new systems and create security test plans based on existing and planned controls and recommendations The candidate will also be expected to perform security analysis of the different layers of the systems (application, operating systems and database layers) by performing manual testing and automated system vulnerability assessment scans using various web, application, operating systems, and database vulnerability scanners (Cenzic Hailstorm /HP Web Inspect/ NGSSquirrel, Nessus)
For this particular position we are looking for an analyst with experience in DevSecOps as the goal of the engagement is to integrate and implement security testing activities in DevOps methodology, using scripting languages and integrate them with CI/CD pipelines and servers

Responsibilities Review the security architecture evaluation of Companys new systems and create risk-based test plans around existing and planned controls and recommendations
Perform security analysis of the different layers of the systems (application, operating systems, and database layers) by performing source code review, manual testing, and automated system vulnerability assessment scans using various web, application, operating systems and database vulnerability scanners
Perform application security testing on both native and web based mobile applications on different mobile platforms (iOS and Android)
Configure, troubleshoot, and perform web and database post-production scans
Analyze the results of security testing following a risk-based approach and work with DBAs, network operations, and application development teams through recommending and monitoring of remediation activities
Maintain detailed documentation of test procedures and findings in our ticketing system
Develop and maintain our security testing procedures for the different layers of web, mobile, and enterprise application systems to incorporate new testing methodologies and improve the process
Maintain vulnerability scanning tools (ie Cenzic Hailstorm) to ensure they are up to date and running properly
Assist in identifying and maintaining licenses for security manual testing tools and mobile security testing tools
Stay abreast of newer trends in tools and technologies used for web and mobile application security

Skills Must Educational Qualifications and Experience
Education Bachelors degree, preferably in Computer Science, Information Management, or Information Systems
Role Specific Experience 2 years of relevant experience in information security and application security
Hands-on experience with running web application testing tools (eg, Cenzic Hailstorm, HP Web Inspect, IBM AppScan), performing manual testing and source code review, validating test results, analyzing vulnerabilities and helping develop platform specific remediation plans

Certification Requirements
Recognized industry certifications (eg Certified Information Systems Security Professional CISSP, Certified Ethical Hacker CEH, SANS GWEB or GWAPT) is a plus

Required Skills/Abilities
Good knowledge of common website vulnerabilities (such as SQL injection, cross-site scripting, remote/local file inclusion, etc) and common website exploit techniques (such as character encoding, privilege escalation, directory traversal, etc)
Good understanding of web application technologies (eg Java, NET, Drupal), database management systems (Oracle, MS SQL, etc), operating systems (eg Windows, UNIX) and operation/configuration of common web servers (eg IIS, Apache)
Demonstrated hands-on experience with automating security testing activities in DevOps methodology, using scripting languages (eg Power Shell, Python), using application life cycle management products (eg MS TFS, Azure DevOps) and common automation and orchestration tools (eg Chef, Jenkins)

Nice to have Understanding of cloud technology (eg AWS, MS Azure, MS Office 365, Adobe Cloud, ServiceNow) is an added plus This is a long-term engagement
Knowledge of Web Application Firewall (WAF) operation
Experience with security vulnerability evaluation of ERP solutions (eg, SAP and PeopleSoft), COTS solutions and application middle-ware (Documentum, SharePoint, etc)
Understanding of mobile application security testing on different mobile platforms (iOS and Android)
Previous software development experience (using NET or Java)

Languages English Advanced/Fluent

WHERE

Sofia

Work Type

Application Security

Seniority Level

Senior

Ref number

VR-46382

Profile Summary:

Employment Type : Full Time
Eligibility : Any Graduate
Industry : IT-Software
Functional Area : IT Software : Software Products & Services
Role : Software Engineer
Salary : As per Industry Standards
Deadline : 03rd Jun 2020

Key Skills:

Would you like to try out these free online tutorials?

People who search this job also searched for the following Keywords

Salary trends based on over 1 crore profiles

View Salaries

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd DMCA.com Protection Status