Application Security Consultants - Application Security Testing
Accenture, recognized as a Great Place To Work®, is a leading global professional services company that helps major businesses, public administrations, and other organizations around the world develop their digital core, optimize their operations, accelerate revenue growth, and improve services for citizens, creating tangible value at speed and scale.
Would you like to be part of a team of over 19,000 cybersecurity specialists worldwide? Accenture has an opportunity for you to join our Cybersecurity team.
An Application Security Testing analyzes a given situation to determine which security testing approaches are most likely to succeed, implement them and evaluate its effectiveness.
Also demonstrating the attacker mentality by discovering key information about a target, performing actions in a protected environment that a malicious person would perform and understand how evidence of the attack could be deleted.
As a member of the Security Team, the Application Security Testing Analyst will work in a collaborative environment where sharing skills and expertise is part of its DNA, cultivating a culture of security awareness to ensure security policies for applications, environments and systems are followed at all times.
Continuous learning is encouraged (and needed!) through our extensive training program, classroom/online courses from well-known providers and certifications.
Applicants must have Computer Science, Telecommunications or Engineering Degree or a related field, with experience in performing Application Security testing.
Selected candidates will take part in Application Security and other Security projects in global & leading companies operating different markets.
Responsibilities and recurring main tasks
- Help managing a group of people and projects.
- Definition, implementation and execution of security testing processes into software development life cycle.
- Validation of applications security architecture elements.
- Documentation of security requirements for applications (web, mobile, SOA, etc.) alignment with security testing processes.
- Obtain and validate measurement of KPI and KRI related to security in applications.
- Build PoC with clients to determine best security testing tools to be applied.
- Vulnerability lifecycle management on client environment.
- Collaborate with clients to define best approach to maximize the security posture.
Core Skills (“Must have”)
These are the main skills that an Application Security Tester should demonstrate and exercise on a daily basis in order to fulfill its responsibilities and recurring tasks:
- Experience in conducting security checks (static, software composition and dynamic code analysis, vulnerability analysis in applications and application penetration tests), analyzing test results, documenting risks and recommending countermeasures.
- Develop and document security evaluation test plan and procedures.
- Assist in researching, evaluating, and developing relevant Information Security policies and guidance.
- Actively participate in or lead technical exchange meetings and application review boards, documenting actions items/results of these events.
- Develop, assemble, and submit testing results reports that document testing activity and results to support the creation of risk assessments and approval packages.
- Assess/calculate risk based on threats, vulnerabilities, and shortfalls uncovered in testing.
- Experience in testing APIs security (also related with mobile applications).
- Security knowledge in web applications and common vulnerabilities.
- Knowledge of security in micro-services and Single Page Applications is valuable.
Valuable Skills (“Nice to have”)
Although not all of them are required, breadth and depth of the following skills are positive valued for an Application Security Tester role:
- Technology Ecosystems: General knowledge in at least one of the most enterprise-used programming languages as Java/C# .NET, C/C++, Javascript, PHP, Ruby/Perl/Python, Java Android/Kotlin, Objective-C/Swift, Powershell…
- Static Code Analysis Tools (SAST): Experience with at least one of the following static code analysis solutions: Checkmarx, Veracode, Kiuwan, Fortify, SourceClear, BlackDuck, Nexus, SonarQube…
- Software Composition Analysis Tools (SCA): Experience with at least one of the following software compositon analysis solutions as Dependency-Check, SourceClear and/or WhiteSource…
- Dynamic Application Analysis Tools (DAST): Experience with at least one of the following dynamic application analysis solutions: Burp Suite, Postman, MobSF, Qualys, Acunetix, Nessus, Webinspect…
- Authentication and authorization: Valuable Knowledge on SOA security and security focused on mobile applications (REST, JSON, OpenID, OAuth, WebToken, SSO).
- Security standards: Experience with OWASP Testing Guide, OWASP TOP 10 and knowledge of other well-known security standards of the industry: OWASP-M, SEI CERT-J, SEI CERT-C, PCI DSS…
- Application Security standards: Experience with OWASP TOP 10, OWASP ASVS, CWE, MITRE, CAPEC, SANS 25.
Valuable certifications
- CSSLP, OSCP, OSWE
Madrid
Requesting an Accommodation
Accenture is committed to providing equal employment opportunities for persons with disabilities or religious observances, including reasonable accommodation when needed. If you are hired by Accenture and require accommodation to perform the essential functions of your role, you will be asked to participate in our reasonable accommodation process. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired.
If you would like to be considered for employment opportunities with Accenture and have accommodation needs such as for a disability or religious observance, please call us toll free at 1 (877) 889-9009 or send us an email or speak with your recruiter.
Equal Employment Opportunity Statement
We believe that no one should be discriminated against because of their differences. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. Our rich diversity makes us more innovative, more competitive, and more creative, which helps us better serve our clients and our communities.
For details, view a copy of the Accenture Equal Opportunity Statement
Accenture is an EEO and Affirmative Action Employer of Veterans/Individuals with Disabilities.
Accenture is committed to providing veteran employment opportunities to our service men and women.
Other Employment Statements
Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States.
Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration.
Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process. Further, at Accenture a criminal conviction history is not an absolute bar to employment.
The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Additionally, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information.
California requires additional notifications for applicants and employees. If you are a California resident, live in or plan to work from Los Angeles County upon being hired for this position, please click here for additional important information.
Please read Accenture’s Recruiting and Hiring Statement for more information on how we process your data during the Recruiting and Hiring process.
We work with one shared purpose: to deliver on the promise of technology and human ingenuity. Every day, more than 775,000 of us help our stakeholders continuously reinvent. Together, we drive positive change and deliver value to our clients, partners, shareholders, communities, and each other.
We believe that delivering value requires innovation, and innovation thrives in an inclusive and diverse environment. We actively foster a workplace free from bias, where everyone feels a sense of belonging and is respected and empowered to do their best work.
At Accenture, we see well-being holistically, supporting our people’s physical, mental, and financial health. We also provide opportunities to keep skills relevant through certifications, learning, and diverse work experiences. We’re proud to be consistently recognized as one of the World’s Best Workplaces™.
Join Accenture to work at the heart of change. Visit us at www.accenture.com.