Web Application Security

4 weeks ago

Bangalore, India NETSACH GLOBAL Full time

Greetings from Netsach - A Cyber Security Company.


We are looking for Web Application Security consultant with minimum of 3+ years of relevant experience in an information security function with good background in information technology, stakeholder management and people management. Their primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles/patterns/controls into all products and platforms. Conduct security assessments, gap analysis, provide remediation to the relevant squads.


Job Title: Web Application Security

Exp: 3+yrs

Location: Dubai Onsite

Job Type: Full-Time


Interested candidates please share your updated resume at emily@netsach.co.in


Key Skills Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.  


Tools and Technologies Burp Suite, Postman, Tenable Nessus, Checkmarx SAST, GitHub and good knowledge about monolithic and microservice architecture and pipeline driven security.


Technical Requirement

  1. Web Application Security Owasp top 10 , CVSS etc
  2. Security Code Review manual code review in Git etc 
  3. API Security Review Open shift, container review etc. 
  4. Database Security Requirements to enhance security on Database 
  5. Web Server Security Requirements to enhance security on the web server 
  6. Configuration Review has performed different configuration reviews and should have found good misconfigurations in the system.
  7. Integration review How the application connects with different systems, performed security review on those integrations. 
  8. Transport Layer Security How communication channels are secured and understanding of the Transport layer security mechanisms and controls.


Knowledge & Skill Set:

  • Expert at the Web application Security testing, in depth testing skillset and ability to bypass weak implementation for attacks, ability to bypass WAF for attack scenarios such as XSS, SQL Injection etc. 
  • Good understanding of Microservice based architecture (Technical) 
  • Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection/detection & API /Micro services Security
  • Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical).
  • The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations. 
  • The Analyst / Engineer should be capable in understanding the hardening standards, creating one if not available, and perform the testing against the hardening standards. 
  • The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components. 
  • The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer. 
  • The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise.
  • The Analyst / Engineer can understand and interpret potential issues found in source or compiled code.
  • The Analyst / Engineer has automation skills/capability in the form of scripting or similar. 
  • The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures.
  • Desirable Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and/or during agile ceremonies, via Evil Stories.
  • The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance.
  • The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams. 
  • The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and/or residual risks based on the assessment of such reports.
  • Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team. 
  • Good negotiation skills will be desirable.
  • Must have good judgment skills to decide on an exception approval.
  • Ability to enforce improvements when necessary, using Influence rather than Policing measures Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders.
  • Knowledge of application of Agile methodologies/principles such as Scrum or Kanban


Soft Skills:

  • Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective 
  • Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement good architecture principles to lower technical debt 
  • Assertive personality; should be able to hold her/his own in a project board or work group setting
  • Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner.
  • Ability to work under pressure and meet tough/challenging deadlines 
  • Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not 
  • Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint 
  • Has strong decision making, planning and time management skills. 
  • Can work independently. 
  • Has a positive and constructive attitude


Education

Bachelors degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar 


Certifications

  • General Information Security: OSCP, CEH, CISM/CISA or similar 
  • General Cloud Security: CCSK /CCSP or similar 
  • Specific Cloud Security: Azure Security or similar 
  • Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist



Thank You

Emily Jha

emily@netsach.co.in

Netsach - A Cyber Security Company

www.netsach.co.in

  • RSA - Application Security Engineer

    3 weeks ago

    bangalore, India RSA Security Full time

    RSA - Application Security Engineer Location: Remote India RSA offers mission-driven security solutions that provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. RSA solutions are designed to effectively detect and respond to advanced attacks;...

  • RSA - Application Security Engineer

    1 month ago

    bangalore, India RSA Security Full time

    RSA - Application Security Engineer Location: Remote India RSA offers mission-driven security solutions that provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. RSA solutions are designed to effectively detect and respond to advanced attacks;...

  • Web Application Firewall Specialist

    3 weeks ago

    Bangalore, India IT Full time

    Job Description :- Familiarity with WAF tools for both on-premises and cloud applications.- Ability to fine-tune WAF configurations to bolster security measures.- Demonstrate background in cybersecurity and deep understanding of web application security practices.- Maintain web application firewall systems to protect our web applications against potential...

  • Web Application Firewall Specialist

    2 months ago

    Bangalore, India IT Full time

    Job Description :- Familiarity with WAF tools for both on-premises and cloud applications.- Ability to fine-tune WAF configurations to bolster security measures.- Demonstrate background in cybersecurity and deep understanding of web application security practices.- Maintain web application firewall systems to protect our web applications against potential...

  • Web Application Firewall Specialist

    2 months ago

    Bangalore, Karnataka, India IT Full time

    Job Description :- Familiarity with WAF tools for both on-premises and cloud applications.- Ability to fine-tune WAF configurations to bolster security measures.- Demonstrate background in cybersecurity and deep understanding of web application security practices.- Maintain web application firewall systems to protect our web applications against potential...

  • Web Application Firewall Specialist

    2 months ago

    bangalore, India IT Full time

    Job Description :- Familiarity with WAF tools for both on-premises and cloud applications.- Ability to fine-tune WAF configurations to bolster security measures.- Demonstrate background in cybersecurity and deep understanding of web application security practices.- Maintain web application firewall systems to protect our web applications against potential...

  • Web Application Firewall Specialist

    3 weeks ago

    Bangalore, Karnataka, India IT Full time

    Job Description :- Familiarity with WAF tools for both on-premises and cloud applications.- Ability to fine-tune WAF configurations to bolster security measures.- Demonstrate background in cybersecurity and deep understanding of web application security practices.- Maintain web application firewall systems to protect our web applications against potential...

  • Application Security Engineer

    1 week ago

    bangalore, India Rakuten India Full time

    Job DescriptionDepartment OverviewIn Rakuten Group , the security and safety of the Internet services are guaranteed by the Cyber Security Defence Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.Position DetailsAs a member of CSDD Security Audit...

  • Application Security

    14 hours ago

    bangalore, India Upstox Full time

    Responsibilities: - Design, develop, and maintain tools and web applications to automate security tasks and improve security measures across the organization. - Develop and integrate security automation tools and processes into the CI/CD pipeline to ensure continuous security testing and compliance. - Review source code for potential security...

  • Application Security Engineer

    1 week ago

    bangalore, India Rakuten India Full time

    Job Description Department Overview In Rakuten Group , the security and safety of the Internet services are guaranteed by the Cyber Security Defence Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group. Position Details As a member of CSDD Security...

  • Application Security Mobile Application

    4 weeks ago

    Bangalore, India NETSACH GLOBAL Full time

    Greetings from Netsach - A Cyber Security Company.We are looking for Mobile & Web Application security with minimum 4 years of experience in an information security function with good background in information technology, stakeholder management and people management Minimum 3 years of experience, as a Security Engineer especially in Cloud Native...

  • Application Security Architect

    2 months ago

    bangalore, India athmâ Full time

    About Narayana Health:Narayana Health is headquartered in Bengaluru, India, and operates a network of hospitals in India and Overseas. Our mission is to deliver high-quality, affordable healthcare services to the broader population. Narayana Health Group is India’s leading healthcare provider and one of the largest hospital groups in the country with a...

  • Application Security

    2 months ago

    bangalore, India Nityo Infotech Full time

    Integration , Microsoft Office , Testing , A , Achieve , Activities , Aid , Android , Application , Application Infrastructure , Application Security , Authentication , Automation , Bangalore , Burp Suite , CEH , Certifications , Code , Command , Common , Communications , Communications Writing , Company , Construction , Continuous Delivery , Continuous...

  • Application Security

    3 weeks ago

    bangalore, India Nityo Infotech Full time

    Integration , Microsoft Office , Testing , A , Achieve , Activities , Aid , Android , Application , Application Infrastructure , Application Security , Authentication , Automation , Bangalore , Burp Suite , CEH , Certifications , Code , Command , Common , Communications , Communications Writing , Company , Construction , Continuous Delivery , Continuous...

  • Application Security Engineer

    2 months ago

    bangalore, India SolarWinds Full time

    At SolarWinds, we’re a people-first company. Our purpose is to enrich the lives of the people we serve—including our employees, customers, shareholders, Partners, and communities. Join us in our mission to help customers accelerate business transformation with simple, powerful, and secure solutions. The ideal candidate thrives in an innovative,...

  • Application Security Engineer

    3 weeks ago

    bangalore, India SolarWinds Full time

    At SolarWinds, we’re a people-first company. Our purpose is to enrich the lives of the people we serve—including our employees, customers, shareholders, Partners, and communities. Join us in our mission to help customers accelerate business transformation with simple, powerful, and secure solutions. The ideal candidate thrives in an innovative,...

  • Senior Web Application Developer

    1 month ago

    bangalore, India Indusface Full time

    Careers » Current Openings » Senior Web Application Developer Role: We are hiring web developers with strong skills in AngularJS, JavaScript, CSS, HTML, and experience in creating responsive user interfaces. If you want to be part of our engineering team in Bangalore that is building cutting-edge, award-winning Web application security products...

  • Senior Web Application Developer

    3 weeks ago

    bangalore, India Indusface Full time

    Careers » Current Openings » Senior Web Application Developer Role: We are hiring web developers with strong skills in AngularJS, JavaScript, CSS, HTML, and experience in creating responsive user interfaces. If you want to be part of our engineering team in Bangalore that is building cutting-edge, award-winning Web application security products...

  • SDE II

    2 weeks ago

    bangalore, India Upstox Full time

    Responsibilities: 1) Design, develop, and maintain tools and web applications to automate security tasks and improve security measures across the organization. 2) Develop and integrate security automation tools and processes into the CI/CD pipeline to ensure continuous security testing and compliance. 3) Create threat models to identify the risks...

  • Head of Application Security

    3 weeks ago

    bangalore, India Agratas Full time

    Job Title- Head of Application SecurityJob Description:We are seeking a highly skilled and motivated Application Security Leader and Vulnerability Management Specialist to join our team. This position plays a crucial role in ensuring the security and integrity of our organization's applications and infrastructure by leading the implementation of robust...