Application Security Analyst
ZeOmega Infotech Pvt Ltd · Bengaluru, Karnataka, India
About the role
The analyst is responsible for identifying and reporting vulnerabilities using DAST, SAST, and SCA tools. They will also manage vulnerability assessments, reproduce pentest issues, and monitor for zero-day threats.
What they look for
Requirements
Requires a Bachelor's degree in IT or Computer Science and over 5 years of relevant experience in application security. Candidates must be proficient in exploiting business logic vulnerabilities and familiar with security standards like OWASP and NIST.
Full description
POSITION SUMMARY
Application Security Analyst will identify and report the vulnerability issues in DAST (Dynamic Application Security Testing) and manage the SAST (Static Application Security Testing), SCA and Vulnerability Management ________________________________________
PRINCIPLE JOB RESPONSIBILITIES:
- Web application security Testing and Assessments.
- Identify SQL injections, XSS, CSRF, authentication, OWASP top 10 issues security technologies for secure software development such as cryptography, authentication techniques and protocols etc.
- Maintain expertise in both commercial and opensource tools such as Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP, experience in BEEF, MetaSploit and other exploitation framework.
- Reproduce the external pentest issues use case and report the identified vulnerability.
- Review external pentest reports and work with the application security analysist to reproduce the use cases.
- Work on the ad-hoc scanning and reporting analysis for SCA/VM/SAST.
- Analyse and report the vulnerabilities from the scan results of DAST, SAST, SCA and vulnerability management tools.
- Contribute on the Bill of Material (BOM) monitoring and work.
- Collaborate with AppSec Lead on the License approval/requests process.
- Work on the activity alerts related to Zero Day and End of Life (EOL) vulnerability.
- Contribute to the investigation and action on SIEM (Security Incident & Event Management) alerts.
- Assist in the investigation of zero-day vulnerability and provide relevant data for further processing.
- Automate security testing tasks.
- Assisting with the growth and process improvement ideas for the department.
- Participate in on-call support rotation for afterhours support coverage as needed.
- Other duties as defined.
Requirements:
- Bachelor’s degree in information technology or computer Science
- Expertise in identifying and exploiting business logic and framework related vulnerabilities.
- Extensive experience in removing false positives, analysing dynamic scan web inspect, appscan reports.
- Knowledge of Secure SDLC (Secure Software Development Life Cycle) and Security standards like OWASP, CWE, NIST, OSSTMM.
- 5+ years of relevant experience
- Working understanding of Agile Development processes
- Good written and verbal communication skills
- Good troubleshooting skills
- Excellent teaching, problem-solving, communication, and interpersonal skills.