SAST - Static Application Security Testing

Job Location

Bangalore/Bengaluru - India

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Job Title: SAST (Static Application Security Testing)

Location: Pune, Chennai, Bangalore

Experience: 6-9 Years

Skills: Checkmarx, Fortify, Veracode, SonarQube

Job Summary:

We are looking for a skilled SAST Specialist with a deep understanding of Static Application Security Testing. The ideal candidate will have extensive experience in performing security assessments on web and mobile applications using SAST tools. The candidate should be capable of identifying vulnerabilities in the source code, understanding security best practices, and working with development teams to remediate security issues. Strong experience with leading static analysis tools such as Fortify, Checkmarx, or SonarQube and an in-depth understanding of common application security vulnerabilities (e.g., OWASP Top 10) are required.

About Us:

This position is being recruited by Smartwork IT Services, a leading recruitment and product-based company. In addition to staffing solutions, Smartwork IT Services is involved in developing cutting-edge products like SWITS ATS (Applicant Tracking System) and SWITS HRMS (Human Resource Management Services). We focus on delivering exceptional value through innovative solutions and top-tier talent acquisition.

Key Responsibilities:
  • Static Application Security Testing:
    Conduct static analysis on applications to identify vulnerabilities, including those related to secure coding practices and common security flaws.

  • Vulnerability Management:
    Analyze and categorize security vulnerabilities, provide clear and concise remediation guidance, and track the progress of security issues until resolved.

  • Security Best Practices:
    Work with development teams to integrate security best practices throughout the software development lifecycle (SDLC), ensuring secure coding standards and guidelines are followed.

  • Reporting and Documentation:
    Prepare detailed reports on identified security issues and provide actionable recommendations for remediation, ensuring reports are tailored to both technical and non-technical stakeholders.

  • Tool Proficiency:
    Utilize leading SAST tools (e.g., Fortify, Checkmarx, SonarQube) to perform in-depth security assessments and recommend the best tools for the specific security requirements of each project.

  • Collaboration and Training:
    Collaborate with application development teams to provide guidance on secure coding practices and conduct training sessions on security testing.

Required Skills:
  • Strong experience with Static Application Security Testing (SAST) methodologies and tools (e.g., Fortify, Checkmarx, SonarQube, Veracode, etc.).
  • In-depth knowledge of web and mobile application security vulnerabilities (e.g., SQL injection, cross-site scripting, buffer overflows, etc.) and familiarity with the OWASP Top 10.
  • Experience in analyzing application source code to identify security weaknesses and providing remediation advice.
  • Familiarity with secure software development lifecycle (SDLC) and the integration of security testing into CI/CD pipelines.
  • Knowledge of application security frameworks and compliance standards (e.g., OWASP, NIST, ISO 27001).
  • Experience with common programming languages (Java, C, Python, etc.) to assess security vulnerabilities in code.
  • Proficiency in vulnerability tracking and management tools and understanding of risk assessment methodologies.
  • Strong communication skills with the ability to interact with both technical and non-technical stakeholders.
  • Knowledge of Agile methodologies and experience working in Agile development environments.

Employment Type

Full Time
