Security testing
Alp Consulting Ltd.
Job Description
Exp- 7 to 8 Yrs Location -Mumbai(Mahape) 4 Days work from office , 1 Day work from home Key Responsibilities Pipeline Security Integration: Design, implement, and manage security tools and processes within the CI/CD pipeline. Vulnerability Management: Oversee and lead VAPT (Vulnerability Assessment and Penetration Testing) efforts for all applications. Tool Expertise: Administer and operate a suite of security tools, including: SAST (Static Application Security Testing): Checkmarx, SonarQube.
Snyx SCA (Software Composition Analysis): Snyk. DAST (Dynamic Application Security Testing): Acunetix, Burp Suite, AppScan. Threat Modeling: Conduct threat modeling exercises to identify potential security risks early in the development lifecycle.
Security Automation : Automate security testing and vulnerability scanning processes to improve efficiency and reduce manual intervention. Collaboration : Work closely with development, operations, and QA teams to remediate vulnerabilities and promote a security-first culture. Reporting : Generate and present detailed reports on security posture, vulnerability trends, and remediation progress to senior management.
Mentorship : Mentor and guide junior team members on DevSecOps best practices and security tools. Required Skills & Qualifications Experience: 5-6 years of relevant experience with Application Security, or a similar role, preferably within the Banking or NBFC sector. Technical Proficiency: Extensive, hands-on experience with SAST, SCA (open source) and DAST tools as listed above.
Security Knowledge: In-depth understanding of application security vulnerabilities, including OWASP Top 10, and common attack vectors. Pipeline Knowledge : Working Knowledge of CI/CD pipelines and experience integrating security tools into them. VAPT : Proven experience in conducting and coordinating VAPT activities.
Problem-Solving: Excellent analytical and problem-solving skills with a keen eye for detail. Communication : Strong communication and interpersonal skills, with the ability to articulate complex security concepts to non-technical stakeholders.