QUALIFICATIONS
Engineer in Computer Science or Telecommunications with experience in performing application security testing.
Valuable certifications such as CSSLP, CISSP, CEH, OSCP, etc.
REQUIREMENTS
Experience in management and definition of security in the software development lifecycle (SDLC)
General knowledge in at least one of the most enterprise-used programming languages as Java, C# .NET, Python, etc.
Experience in SAST solutions such as Fortify or Checkmarx.
Experience in SCA (Software Composition Analysis) such as Dependency-Check, SourceClear and/or WhiteSource.
Experience in conducting security checks (static and dynamic code analysis, vulnerability analysis in applications and application penetration tests)
Experience with OWASP Testing Guide and OWASP TOP 10
Knowledge of other well-known security standards of the industry: OWASP-M, SEI CERT-J, SEI CERT-C, PCI, HIPAA and ISO 27001 are valuable
Experience in testing APIs security
Security knowledge in web applications and common vulnerabilities
Knowledge of SOA security
Knowledge of security focused on mobile applications (REST, JSON, OpenID, OpenAuth, WebToken, SSO)
Knowledge of security in micro-services and Single Page Applications is valuable
RESPONSIBILITIES
Manage group of people and projects
Definition of security testing processes into software development life cycle
Definition of applications security architecture elements
Definition and documentation of security requirements for applications (web, mobile, SOA, etc.).
Definition and measurement of KPI and KRI related to security in applications
Build PoC with clients to determine best tools to be implemented
Vulnerability lifecycle management on client environment
Collaborate with clients to define best approach to maximize the security posture
#GoSecurity
