KEY ACCOUNTABILITIES

Provide inputs and implement policies, systems and procedures for the assigned team so that all relevant procedural and legislative requirements are fulfilled while delivering a quality, cost-effective service.
s and department requirements, policies and quality standards.
Perform thorough application security assessments and ensure that the risks identified are tracked to closure.
Ensure that penetration testing is carried out and that the risks identified are tracked to closure.
Coordinate with the respective teams to obtain the relevant details about the application, the sprint plans and the use cases being developed.
Understand the sprint plans, develop security test cases and execute the appropriate testing.
Configure security tools in CI/CD pipelines for application security assessments: SAST (static application security testing), DAST (dynamic application security testing) and SCA (software composition analysis).
Be well versed in best practices such as the OWASP Top 10 and SANS Top 25, as well as compliance and regulatory requirements.
Scan the web application both without credentials and with credentials for each applicable user role, since access-control and privilege-escalation flaws are only reachable from an authenticated session.
Conduct secure code reviews using automated and manual tools.
Review all findings identified during the application security assessment and remove false positives.
Share the application security assessment report, and discuss and review the findings with the respective teams to agree on an action plan.
Request that the teams discuss the findings and agree on the action plan and target dates for closure.
Retest the findings and provide a final report.
Provide application security training for developers, identify issues and provide recommendations for closing vulnerabilities.
Coordinate with the respective teams to obtain all relevant details about the application before penetration testing starts.
Coordinate with penetration testing (PT) vendors to initiate the security testing, and support them with technical issues faced during the assessment.
Consolidate the findings identified and upload them to the bug tracking tools.
Function within the framework and boundaries of Group policies as well as the overall organisational and governance frameworks.
Authorised to take decisions as per the approved authorisation matrix.