Application Security Analyst

1 week ago


Chennai, Tamil Nadu, India Vitasta Consulting Full time

Primary/General Job Purpose :

- Encourage Shift Left Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle

- Implement via Influence - Influence stakeholders such as Product Owners, Solution Architects, Developers, Testers, Engineers & others to include security patterns into features, epics and stories in order to build secure, innovative & superior digital products for customers and employees

- Assessments Perform security assessment and perform gap analysis to provide appropriate remediations to the teams for implementing the fixes.

- Key Skills Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.

- Tools and Technologies Burp Suite, Postman, Tenable Nessus, Checkmarx SAST, GitHub and good knowledge about monolithic and microservice architecture and pipeline driven security.

Application Security - Assessment Skillset :

- Web Application Security Owasp top 10 , CVSS etc

- Security Code Review manual code review in Git etc

- API Security Review Open shift, container review etc.

- Database Security Requirements to enhance security on Database

- Web Server Security Requirements to enhance security on the web server

- Configuration Review has performed different configuration reviews and should have found good misconfigurations in the system.

- Integration review How the application connects with different systems, performed security review on those integrations.

- Transport Layer Security How communication channels are secured and understanding of the Transport layer security mechanisms and controls.

Knowledge & Skills - Technical, Functional & Managerial :

- Expert at the Web Application Security testing, in depth testing skillset and ability to bypass weak implementation for attacks, ability to bypass WAF for attack scenarios such as XSS, SQL Injection etc. (Essential)

- Good understanding of Microservice based architecture (Technical) (Essential)

- Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection/detection & API /Micro services Security (Essential)

- Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical) (Essential)

- The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations. (Essential)

- The Analyst / Engineer should be capable in understanding the hardening standards, creating one if not available, and perform the testing against the hardening standards. (Essential)

- The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components. (Essential)

- The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer. (Essential)

- The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise.

- The Analyst / Engineer can understand and interpret potential issues found in source or compiled code

- The Analyst / Engineer has automation skills/capability in the form of scripting or similar

- The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures

- Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and/or during agile ceremonies, via Evil Stories Desirable

- The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance Desirable

- The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams. Desirable

- The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and/or residual risks based on the assessment of such reports

- Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team.

- Good negotiation skills will be desirable Desirable

- Must have good judgment skills to decide on an exception approval

- Ability to enforce improvements when necessary, using Influence rather than Policing measures Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders

- Knowledge of application of Agile methodologies/principles such as Scrum or Kanban

(ref:hirist.tech)
  • SOC L1 Analyst

    2 weeks ago


    Chennai, Tamil Nadu, India Sq1 Security Technology Full time ₹ 1,04,000 - ₹ 1,30,878 per year

    Job Overview:The SOC L1 Analyst will be a key member of the Security Operations Center team, responsible for initial monitoring, detection, and analysis of security incidents. This role involves working closely with senior analysts and engineers to ensure the security of the organizations infrastructure. The ideal candidate should possess a foundational...


  • Chennai, Tamil Nadu, India Ford Global Career Site Full time ₹ 15,00,000 - ₹ 20,00,000 per year

    Cyber Security Analyst – Threat Modeling is responsible for performing security assessments for applications, infrastructure and emerging technologies and guiding product / service teams in secure design of IT systems.

  • IT Security Analyst

    2 weeks ago


    Chennai, Tamil Nadu, India Colan Infotech Private Limited Full time ₹ 9,00,000 - ₹ 12,00,000 per year

    Hi Greetings from Colan Infotech Pvt LtdWe have an urgent requirement for IT Security Analyst Required Skills Operating systems (Linux & Windows) administration.Networking fundamentals (TCP/IP, DHCP, DNS).Security concepts (SSL, TLS Encryption).Common security threats and mitigation techniques.Security Audits & Server Hardening.Linux Windows servers...

  • Data Security Analyst

    2 weeks ago


    Chennai, Tamil Nadu, India HCLTech Full time ₹ 9,00,000 - ₹ 12,00,000 per year

    Data Security AnalystJob Title: Data Security AnalystExperience: 7+ Years needed Notice period- Immediate joiner Location-Noida,ChennaiJob Summary: We are seeking a skilled Data Security Analyst to monitor and protect our organization's sensitive data and information systems. The ideal candidate will have a strong background in cybersecurity, data...


  • Chennai, Tamil Nadu, India beBeeCyberSecurity Full time ₹ 18,00,000 - ₹ 1,98,30,000

    Job Title: Cyber Security Risk Analyst">">Cyber Security is a growing concern for any organisation. As a Cyber Security Risk Analyst, you will be responsible for assessing and managing risks to our IT systems, data, and applications.">">Key Responsibilities:">We are looking for a highly motivated and experienced individual to join our team as a Cyber...

  • Sr. Security Analyst

    3 weeks ago


    Chennai, Tamil Nadu, India Lennox International Full time

    Job DescriptionCompany ProfileLennox (NYSE: LII) Driven by 130 years of legacy, HVAC and refrigeration success, Lennox provides our residential and commercial customers with industry-leading climate-control solutions. At Lennox, we win as a team, aiming for excellence and delivering innovative, sustainable products and services. Our culture guides us and...


  • Chennai, Tamil Nadu, India Lexitas Full time

    About the companyLexitas is a high growth company. The Company is built on a belief that having strong personal relationships with our clients, and providing reliable, accurate and professional services, is the driving force of our success.Lexitas offers an array of services including local and national court reporting, medical record retrieval, process...


  • Chennai, Tamil Nadu, India Lexitas Full time

    About the company Lexitas is a high growth company. The Company is built on a belief that having strong personal relationships with our clients, and providing reliable, accurate and professional services, is the driving force of our success. Lexitas offers an array of services including local and national court reporting, medical record retrieval, process...


  • Chennai, Tamil Nadu, India Lexitas Full time

    About the company Lexitas is a high growth company. The Company is built on a belief that having strong personal relationships with our clients, and providing reliable, accurate and professional services, is the driving force of our success. Lexitas offers an array of services including local and national court reporting, medical record retrieval, process...


  • Chennai, Tamil Nadu, India Lexitas Full time

    About the company Lexitas is a high growth company. The Company is built on a belief that having strong personal relationships with our clients, and providing reliable, accurate and professional services, is the driving force of our success. Lexitas offers an array of services including local and national court reporting, medical record retrieval, process...