Job Description

Job Description:

This position is a Sr Specialist Cyber Security for performing advanced application security testing in Cyber Security Organization with strong technical knowledge of development practices/language knowledge, identify test methods to effectively identify exploitable vulnerabilities in the full technology stack of target applications. Grey box testing of applications that includes both unauthenticated perimeter hardening attack scenarios as well as authenticated privilege escalation attacks that enumerate complex attack chain vulnerabilities.

Roles and Responsibilities:

Perform SAST/SCA/DAST scans using industry vulnerability scanner
SAST/SCA – Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWE’s as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file.
DAST – Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution.
Adversary based approach to test plan development
EcoSystem Testing
During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activities.
Tester must ensure results from scanner are present in VM reporting platforms and visible to approved app users
Perform manual validation and false-positive analysis on the automated scan results. 
Provide remediation support will analyze the top-rated vulnerabilities along with provide support to application teams on remediation strategies from identified risks.
Execute scan retest by performing revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams.

Required/Desired Skills

Overall – 8+ years of IT experience

7+ years of application security experience
5+ years of Application Security testing experience
3+ years of penetration testing experience
Bachelor's degree required.
Deep familiarity with the OWASP Top 10 and other security concerns for web applications
Deep Understanding of OWASP Application Security Verification Standards (ASVS)
Deep understanding of SAST, DAST, SCA Scanning practices
Experience in scanning leveraging Veracode, Appscan.or other enterprise tools.
Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools
Understanding of SAST, DAST tools and dependency scanning tools
Experience working/integrating with secret management systems
Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.)
Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications
Strong documentation skills
Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required)
Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team
Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas

Technical Skills: SAST, DAST, SCA and penetration testing

Additional information (if any): Flexible to provide coverage in US morning hours upon need.

Weekly Hours:

40

Time Type:

Regular

Location:

Bangalore, Karnataka, India

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities.