- Conduct source code review of findings reported by SAST scans and apply secure coding expertise to identify true positives.
- Liaise with other technical stakeholders to convey the secure coding rationale behind identified vulnerabilities.
- Advise development teams on the remediation of security vulnerabilities.
- Present to senior management on the risk that vulnerabilities present.
- Correlate SAST and DAST findings for better analysis.
- Test code remediations to verify that fixes are effective.
- Collaborate with application security engineers to configure and tune scanners.
- Experience in programming languages (e.g. Java/JEE, .NET, Android, iOS/Swift).
- Experience in open-source frameworks (e.g. Spring Boot, Struts, Hibernate, log4j, slf4j, Axis/CXF).
- Knowledge of application servers (e.g. Tomcat, JBoss, IIS).
- Understanding of enterprise architectures and best practices for high-volume, high-availability web/mobile apps.
- Knowledge of network and web-related protocols/technologies.
- Knowledge of secure coding.
- Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) and remediation recommendations.
- Experience in SAST assessment and tools such as Checkmarx, HP Fortify, etc.
Registration No: R1877139
EA Licence No: 20C0336