Netsentries Infosec Solutions Pvt.Ltd.
4th Floor, Wing – 2, Jyothirmaya Building Infopark Kochi Phase II Brahmapuram P.O. Phase II Infopark Kochi P.O, Kochi, 682042
Consultants - DevSecOps (Application Security) (Remote)
Static Application Security Testing (SAST) is the process of scanning source code for security vulnerabilities in web/mobile applications and manually validating the results. The NetSentries SAST Consultant will perform static analysis of web/mobile applications on different platforms, developed in various programming languages, and will work closely with the Security Analysis Team to recommend remediation for the identified vulnerabilities.
Core responsibilities include:
Perform in-depth static secure code analysis with open-source and commercial tools
Perform manual secure code reviews
Reverse engineer app binaries and analyze the decompiled/disassembled code
Prepare advisories for the application's developers on secure coding practices for addressing the vulnerabilities identified
Collect evidence to demonstrate the findings
Collaborate with client-side application security and development teams
Handle enterprise SAST projects involving a variety of programming languages, including but not limited to Java, .NET etc. for web applications and the programming languages used for Android and iOS mobile applications
Execute SAST projects in adherence to industry standards like OWASP Top 10 2017, OWASP Mobile Top 10, SANS 25, PCI-DSS, HIPAA, MITRE-CWE etc.
A degree in computer science or related field and / or equivalent experience in software development.
Exposure to industry standard development practices and programming languages would be a plus.
Demonstrable understanding of enterprise architectures and best practices for high-volume, high-availability web / mobile apps.
Excellent interpersonal communication skills.
Experience with Android / iOS mobile platforms
Experience in performing secure code reviews / reviewing results of static analysis tools
Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities & Exposures (CVE) and their remediation recommendations
Familiarity with vulnerabilities and attack methods, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), etc. and how to identify, trace and remediate them
Understanding of OWASP Top 10
Apply here: https://netsentries.freshteam.com/jobs/6zs5szHYoRmg/consultants-devsecops-application-security-remote