Application Security Engineer - Threat Modeling/SAST/SCA
Job Code: IND_090724_1
Netsentries Application Security Engineers will perform code-aware security assessments, Threat Modeling, SAST, SCA, Security Engineering reviews, etc., of enterprise Web/Mobile applications on different platforms developed in various programming languages. They will work closely with the Netsentries AppSec and client development teams to remedy the identified vulnerabilities.
Core responsibilities include:
• Perform in-depth static secure code analysis with open source and commercial tools
• Perform Threat Modeling and in-depth manual secure code reviews
• Perform security engineering reviews
• Reverse engineer app binaries and analyze the decompiled/disassembled code
• Prepare advisories for the application's developers on secure coding practices for addressing the vulnerabilities identified
• Experience with assessments based on standards like etc.
• Collect evidence to demonstrate the findings
• Collaborate with client-side application security and development teams
• Handle enterprise SAST projects involving a variety of programming languages, including but not limited to web applications in Java, .NET, etc., and Android and iOS mobile application programming languages
• Execute code-aware security assessments in adherence with industry standards like OWASP ASVS, OWASP MASVS, OWASP Top 10, OWASP Mobile Top 10, SANS 25, PCI-DSS, HIPAA, MITRE-CWE, etc.
Experience with enterprise SAST projects involving a variety of programming languages, including but not limited to web applications in Java, .NET, etc., and Android and iOS mobile application programming languages
Skills Required:
• A degree in computer science or a related field and/or equivalent experience in software development.
• Exposure to industry-standard development practices and programming languages would be a plus.
• Demonstrable understanding of enterprise architectures and best practices for high-volume, high-availability web / mobile apps.
• Excellent interpersonal communication skills.
• Experience with Android / iOS mobile platforms
• Experience in performing secure code reviews / reviewing results of static analysis tools
• Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities & Exposures (CVE) and their remediation recommendations
• Familiarity with vulnerabilities and attack methods, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), etc., and how to identify, trace and remediate them
• Understanding of OWASP Top 10
• Certifications like OSWE are preferred
• Experience working with commercial SAST/SCA solutions like Checkmarx, Veracode, Synopsys, etc. is an advantage.