As an Application Security Tester, you will conduct web application security vulnerability assessments, which may include reviewing designs, performing pentests and security checks using scanning tools and manual checks, and notifying the appropriate team to take the necessary action.
3 to 7 years of experience in the areas of Web Application Security Testing - Penetration Testing, SAST (Static App Testing) and DAST (Dynamic App Testing)
Deep understanding of tools like IBM AppScan, Checkmarx, Fortify, Burp Suite, OWASP ZAP, Fiddler, Tracert, Shark, Kali Linux, etc.
Strong understanding of the OWASP Top 10 Vulnerabilities
Experience in security testing of APIs and web services (REST and SOAP)
Experience in testing Infrastructure vulnerabilities associated with networking protocols, TCP/IP stack and systems architecture
Ability to develop vulnerability assessment reports using data that is hosted in multiple sources (e.g. spreadsheets, databases) and communicate clearly to stakeholders
Ability to work jointly with Development Teams, Architects and Ethical Hacking Teams to periodically review application code and define the security posture of applications and back-end systems
Working in an Agile environment and understanding how the Scrum framework works in day-to-day tasks
Nice to Have:
Knowledge of and hands-on experience with IAST tools and other penetration testing frameworks or tools is a plus
Possess excellent written and verbal communication skills
Work collaboratively within a team of other engineers and have strong influencing and leadership skills
Generalist technical knowledge within the department and good knowledge of troubleshooting the root cause of vulnerabilities.
Tata Consultancy Services