Application Security Testing

About Atos

Atos is a global leader in digital transformation with c. 78,000 employees and annual revenue of c. € 10 billion. European number one in cybersecurity, cloud and high-performance computing, the Group provides tailored end-to-end solutions for all industries in 68 countries. A pioneer in decarbonization services and products, Atos is committed to a secure and decarbonized digital for its clients. Atos is a SE (Societas Europaea) and listed on Euronext Paris.

The purpose of Atos is to help design the future of the information space. Its expertise and services support the development of knowledge, education and research in a multicultural approach and contribute to the development of scientific and technological excellence. Across the world, the Group enables its customers and employees, and members of societies at large to live, work and develop sustainably, in a safe and secure information space.

ASSOCIATE MANAGER-Application Security Testing & Code Review 

Experience: 5 -9 years 

Location: Navi Mumbai (Mahape) / Bangalore

Job Responsibilities:

 The candidate is expected to execute and manage multiple complex and enterprise application security testing projects.

 The candidate is expected to complete projects on time, coordinate with client stakeholders for issues and challenges, track delays, etc.

 The candidate is expected to gain in-depth knowledge and has executed complex Application Security Code Review projects for different types of applications including mobile, web services, web apps and thick-client developed in various languages (i.e. Java, ASP.NET, ReactJS, etc.)

 The candidate will be involved in application architecture understanding, threat identification, vulnerability identification and control analysis.

 The candidate is expected to identify and infer the business risk posed by vulnerabilities identified and showcase prioritization of risks including solution recommendations.

 The candidate is expected to engage with both business and technical teams within and outside the organization from a project scope definition, project execution, project closure and post project support perspectives.  The candidate is expected to mentor and train junior resources with focus on enhancing their skill sets

 The candidate is expected to monitor their team members' adherence to established security testing processes and organization's policies and procedures.

 The candidate is expected to conduct project reviews to ensure a thorough testing is conducted by the team.

 The candidate is expected to perform technical reviews to identify errors and suggest changes to ensure highest quality of the deliverables.

 The candidate is expected to identify new test cases and develop techniques to test and showcase proof of concept.

 The candidate is expected to track errors made by the engineers and develop an improvement plan for them.

 The candidate should be open for onsite deployments anywhere across the world as business demands.

Required skill set: 3+ years of Application Security Testing Experience

 Expertise in application security testing- Secure Code Review, Web, Mobile, web services, thick-client

 Experience with J2EE (servlet/JSP) and/or .NET (C#/VB.Net and ASP.NET) with different frameworks (Struts, Spring, MVC, .NET) and understanding of AJAX and web services .

 Any CyberSecurity related certification and Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.)

 Experience in application architecture review.  Ability to handle difficult situations and to provide alternative solutions or workarounds.

 Experience in training and mentoring other team members .

.  Good verbal and written communication skills with the ability to talk to both business teams and technical teams. Preferred skill set:

 Experience with Source Code Review and application security testing.

 Knowledge of Cryptography (symmetric and asymmetric encryption, PKI, etc.)

 Flexible and creative in helping to find acceptable solutions for customers .

 Ability to work on multiple complex assignments simultaneously .

 Ability to work independently with minimal oversight and in teams.

 Experience with leading and guiding a team of security engineers .

 Additional knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications.

 Knowledge of different standards such as PCI DSS, HIPAA, ISO, etc.

#Eviden