Technical Lead - Security Testing @ CitiusTech

As a Technical Lead Security Testing, you will be part ofan agile team to build healthcare applications and implement new features whileadhering to the best coding development standards. Your key responsibilitiesinclude:

• Lead a team in execution of security testing projects
• Design, implement, and audit security Testing framework
• Identify the Technology Risks and associated business impact
• Provide secure product using risk analysis, threatmodelling, source code analysis, penetration testing, and vulnerabilityassessment
• Perform automated security scan on the web and mobileapplication using automated vulnerability scanner; manually analyze thefindings to identify false positives
• Conduct a manual security review to check for business logicflaws
• Provide high level recommendation for defect fixing
• Follow up with developers for closure of open defects
• Initiate and drive defect review calls withcustomer/development teams, highlight the risk associated with open securityvulnerabilities
• Implement user stories - Create automated UTs ITs,ensure code-coverage, conduct test approach reviews, create test artifacts
• Actively participate in meetings like SCRUM team daily stand-ups,user-story grooming, sprint planning, retrospective, demos, any other adhocmeetings
• Continuously monitor, stabilize, report, and enhancecoverage through Automated tests
• Work seamlessly with various tools for Defect Tracking, TestManagement, etc.

Education

• Engineering Degree - BE / BTech

Mandatory Skills

• Should have strong experience in validating different typeof Authentication and Authorization, especially AUTH/JWT token
• Exposure to security protocols like OAuth 2.0, OpenIDConnect, SAML, etc.
• Understanding of Identity provider and OAuth tools
• Strong experience in Manual / Automation API testing / RESTAssured with Java / Postman / SoapUI, etc.
• Experience with OWASP top 10
• Experience with Latest web and mobile application securitytesting tools
• Experience with automated security scan on the web andmobile application using automated vulnerability scanner
• Proven experience in designing, implementing Risk Assurance
• Framework NIST Cybersecurity Framework HIPPA,GDPR specifications
• Exposure to FHIR standard and Inferno SMART FHIR testing
• Exposure to Cloud Infrastructure assessments, E.g. AWS,AZURE
• Experience in Test Strategy/Planning, Scrum, QA processes
• Basic background in testing modern apps like React, Angular,Node API
• Exposure to CI/CD pipelines, preferably with AWS/DevOpspipeline

Desired Skills

• Proven experience in VAPT (risk analysis, threat modelling,source code analysis and penetration testing vulnerability assessment)
• Automation Experience Selenium with Java
• Mobile Security Review
• Experience in database testing will be added advantage
• Basic understanding of Kubernetes/Docker and anycontainerize application is a plus