Fortify (DAST ( Webinspect), SSC , API) , Azure DevOps(RARR Job 3377)

"Mandatory Skills: Fortify (DAST ( Webinspect),  SAST (SCA), SSC , API) , Azure DevOps
Primary Skills:
1.       Expert in Static Application Security Scan/Analysis (source code review) (SAST), Software Composition Analysis (SCA) and ; Dynamic Application Security Scan/Analysis (DAST)
2.       'Good knowledge of Application Threat Modelling, RASP, IAST
3.        Good hands-on experience on AppCheck, Veracode and Fossa
4.        Vulnerabilities Assessment and Penetration Testing (VAPT), Fuzz Testing at application +   Infrastructure level
5.        Experience of building Security Gates / threshold levels for build pass/fail
6.        API Security, Container Security implementation / good knowledge
7.        Information Systems/Network Security experience
8.        Demonstrated experience leading Security Design Reviews and/or Architecture Risk Analysis
9.        Expertise in OWASP and ; Good knowledge of NIST, SANS, PCI, ISO 27001
10.      Mobile Application Security testing
11.     Proficient with manual and automated scanner approaches
12.     Sound Knowledge of Devops environment
13.     Implemented DevSecOps (Secure CI/CD integration)
14.     Integration, Management, and configuration of DevSecOps Tools
15.     Preparing security advisories and defining the severity levels for the vulnerabilities
16.    Scanning, validation and reporting of vulnerabilities on daily and monthly basis
17.       Preparing monthly security reports for the management
Certifications:
•                     Requirement: Certified Ethical Hacker (CEH), Bachelors / Master’s in computer science / IT-Cyber Security
•                     Desirable: OSCP, CISSP
Other requirements:
•                     Good Communication skills
•                     Managing projects and schedules.
•                     Mentoring application security testers, providing guidance in testing techniques, and assisting in the development of exploits for complex vulnerabilities.
•                     Improving testing techniques and methodology via original research, custom tool development, defining new testing standards, and aligning testing procedures with various industry standards (OWASP Top 10, OWASP ASVS, etc.).