Salary Not Disclosed
1 Vacancy
Client : PWC
Location : Bangalore, Whitefield
Exp : 7 to 10 years
Role: Software Security
SKILLS AND COMPETENCIES
Deep understanding of adherence to the Secure Software Development Lifecycle (Secure SDL) during the design, development, testing, debugging, delivery and support phases of products and projects
Knowledge of and experience with the Data Protection & Privacy principles to be adhered to (e.g. GDPR)
Collaborate with product development and solution teams proactively to manage software
security risk aligned with business goals
Support external and internal audits and certifications of products (e.g. ISO 271001, SOC2 Type 1 / Type 2, etc.)
Strong understanding of the OWASP Top 10 and similar application security methodologies
Perform threat modelling as part of secure SDLC process
Hands-on experience in conducting penetration testing for web applications, APIs, web services, mobile applications and thick clients (both cloud and on-prem)
Proven hands-on experience working with Static (Checkmarx & Fortify) and Dynamic Security Scan tools (Burp Suite, WebInspect)
Experience with open source security code scans (tools: WhiteSource and Black Duck)
Maintain active understanding of industry practices for secure software development and incident response
Prior experience with Secure Programming principles in at least one programming language (ABAP, Java, C, C, JavaScript)
EXPECTATIONS AND TASKS
S/He shall ensure that all delivered projects mandatorily go through the Secure Software Development Lifecycle (S2DL).
Her/His technical competencies therefore include the ability to
o lead Security Evaluations & Estimations during the Solution Proposal phase (prior to delivery)
o moderate the Threat Modeling Workshops and Data Protection Compliance Evaluation Workshops during the Design phase
o perform end-to-end risk assessment
o advocate the Secure Programming Guidelines to the Development team during the Build phase
o own the DPP test cases and audit the mandatory execution of these tests during the MIT phase
o conduct the Security Code Scans on support bug fixes and regression tests for resolution of critical Security vulnerabilities
o conduct open source security scans and guide project teams to fix vulnerabilities
Drive and ensure the compliance of all delivered projects with Security and Data Protection & Privacy guidelines.
Work closely with Solution Architects, Development Architects, Project Managers, Developers and Quality Assurance to coordinate the delivery of secure solutions (delivery includes design, development, testing, documentation, go-live, and maintenance & support activities)
Perform dynamic application security testing (manual and tool-based). Remove the false positives and report issues to the development team.
WORK EXPERIENCE
7 years of total experience in Information Security
Security certifications like CEH, Security, OSCP, GPEN, CCSP, CISSP or any other security-related certifications
Good English communication skills (written and verbal)
Quick learner, passionate, motivated and self-managed
Full Time