Senior Dynamic Application Security Tester – Cis, Icc, India
Country : India
Region : Karnataka
Town : Bengaluru
Category : Logistics
Contract type : Permanent
Availability : Full time
We're looking for a Senior Dynamic Application Security Tester. This role is part of Corporate Information Security, Security Operations organization is responsible for security testing of Nike web applications, coordination with stakeholders regarding findings and completion of day to day tasks associated with the Dynamic Application Security Testing (DAST) program. The candidate needs to have a strong understanding of technical concepts, excellent attention to detail, data accuracy, and data analysis, strong verbal and written communication skills, and be self-motivated and operates with a high sense of urgency and a high level of integrity.
WHO YOU WILL WORK WITH
This role is part of the Attack Surface Management team within Corporate Information Security.
WHAT YOU WILL WORK ON
* Gather information needed to provision regularly scheduled internal, external, unauthenticated and authenticated DAST scans
* Ability to validate web application findings to reduce false positives
* Streamline DAST effectiveness through automation of tasks including onboarding of new web applications, correlation of findings with output from other tools, and delivery of high fidelity findings to stakeholders
* Firm understanding of all issues on the OWASP Top 10
* Provide technical guidance for remediation of findings, collaborating with other CIS teams as necessary
* Provide mentoring and training to junior members of attack surface management team
* Perform required audit related tasks from internal audit, SOX and PCI activities.
* Interface & support other CIS organizations such as Incident Response, Governance, Risk and Threat Intelligence as necessary
* Maintain and compose operational process documentation regarding program execution.
* Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
* 7+ years of IT professional experience, with 3+ years Information Security experience, with previous DAST and application security background
* Strong understanding of a variety of technical concepts such as: web spidering, discovery and validation of layer 7 vulnerabilities, and application development
* Strong web application development, security flaw and remediation technical understanding
* Ability to automate technical tasks through use of APIs or scripting
* Experience with data analytics with the ability to provide qualitative analysis and recommendations
* Experience and knowledge of performing security tasks within AWS or Azure cloud environments
* Ability to develop strong working relationships with a variety of other enabling teams.
* Previous experience working in large scale environments with diverse technologies strongly preferred.