Job Summary
- Strong knowledge and understanding of OWASP Top 10 vulnerabilities
- Hands-on experience in SAST (Static Application Security Testing), secure code review and manual penetration testing of applications to identify software vulnerabilities and to perform false positive analysis
- Hands-on experience managing and performing manual and automated SAST using a variety of tools and frameworks, and identifying false positives in tool reports
- Good knowledge of mitigations for security vulnerabilities such as SQL Injection, Cross-site Scripting, Command Injection, CSRF, etc.
- Good knowledge of Secure SDLC methodology and Threat Modelling
- Analyse and improve security features and security solutions for a wide range of HCL applications
- Candidate must have a development background and good secure coding skills to ensure coding best practices
- Coordinate and work with internal stakeholders and provide consulting as SME. Close interaction with stakeholders to implement the goals of the enterprise application security program.
- Develop new technical capabilities within the team through internal trainings
- Perform QA on SAST deliverables, ensure testing SLA and quality, and support the overall operational process
- Review, upgrade and document corporate application security policies
- Candidate must be a quick learner, serving as an SME within the function to support the team and stakeholders in enhancing technical capabilities. Help mature the AppSec program by taking new initiatives to meet application security objectives.
- Hands-on experience in implementing DevSecOps practices by integrating security controls into CI/CD pipelines (Azure DevOps, GitHub Actions, etc.).
- Experience in embedding SAST, DAST, SCA, secrets scanning, and IaC scanning into build and release pipelines with pass/fail gating.
- Knowledge of shift-left security concepts and automation of security testing early in the SDLC.
- Experience securing and reviewing Infrastructure as Code (IaC) (Terraform, ARM, Bicep, CloudFormation) using automated security tools.
- Familiarity with container and Kubernetes security (image scanning, runtime security, Kubernetes security best practices).

Major Areas of Responsibility / Key Parameters / Major Tasks
- Participate in application security assessments and operational activities.
- Perform SAST assessments as day-to-day operational activities, execute QA on deliverables and ensure testing SLA.
- Experience in SAST, secure code review and manual penetration testing of applications to identify software vulnerabilities and to analyse false positives.
- Work closely with HCL application development teams to ensure coding best practices, HCL standards, and robust secure design and development skills.
- Close interaction with stakeholders to implement the goals of the enterprise application security program.
- Participate in a team environment in order to deliver a seamless service.
- Serve as a subject matter expert within the function and support the team in enhancing its technical capabilities.
- Attend and actively participate in team meetings.
- Participate in training and personal development courses.
- Manage service processes and procedures.
- Support HCL Application Security activities.
- Review, upgrade and document corporate application security policies and procedures on a regular basis.
Problem Solving
The candidate will act as an interface for the stakeholders and should have the following abilities to manage the day-to-day job: the ability to respond proactively within the scope of a global, fast-moving corporation; the ability to judge the gravity of a situation and an awareness of what one can do personally to bring it to resolution, as well as when
Key Responsibilities
2. To monitor and track tickets/change requests and manage SLAs.
3. To prepare and submit status reports for minimizing exposure and risks on the project or closure of escalations.
4. To work towards continuous improvement and perform root cause analysis on an ongoing basis.