Application Security Testing-Security @ Shell Info

Job Description

Dear candidates,

Greetings of the day!!

We are Hiring for Application Security Testing - Security Architecture Review/Threat Modeling-Design.

Level 1 Sr Consultant

Shift 11 am to 8pm

Work Mode Hybrid

Primary Skills Min 4 to 5 years in cyber security stream, Threat Modeling & Security Architect Review

1) Diagram design & review design before hosting in client environment

2) Understanding the cloud & on-prem technologies

3) Involved with development team & someone who can review the architecture diagram & design phase and help in embedding security from designing phase.

4) Multiple architecture meeting to understand the business function of application & come up with security recommendation.

5) Thread modelling tools evaluate the thread & identifying the threat

6) Report & recommendation, review architecture diagram & come up with security requirement in the design

7) Knowledge of application hosted in AWS or any cloud solution for proper leverage them

8) Potential security risk & vulnerability understanding

9) Leverage thread modelling tool- Any tool is ok

10) Deep understanding of security principle & practice & standards & framework

11) Exp. 4 to 9 years for all security architecture.

12) Understanding Data flow diagram & access control & encryption mechanism (How data is stored, how is the flow of data etc

13) Not Mandatory but might have to work with designing team (Application architect)

JD

1. As a Consultant/ Sr Consultant in the hybrid operate business, you are responsible for adhering to the defined operating procedures and guidelines in operating the application security services in the Managed Services model, which includes the following:

2. Deep knowledge of application security engineering principles and helping clients development team to follow secure development practices which includes primarily monitoring and performing the security design review, architecture review, threat modeling

3. Review and assess the security architecture and design of software applications, infrastructure, and network systems

4. Lead and conduct in-depth reviews of application security architectures, with a focus on cloud-based environments

5. Assess the design of cloud services and resources, identifying potential security vulnerabilities and risks

6. Ensure that security controls, encryption methods, and authentication mechanisms are appropriately integrated into the architecture

7. Understand application architecture controls & design based on security standards and regulations such as NIST, PCI-DSS, ISO etc.

8. Understand security architecture concepts including topology, protocols, components, and principles to perform threat modeling.

9. Be a liaison between the Application development and infrastructure team and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes.

Required:

1. Minimum of 3-9 yrs exp. in application security testing, deployment, and security management phases.

2. A strong foundation in security principles and concepts, including confidentiality, integrity, availability, authentication, authorization, encryption, and secure coding practices.

3. Proficiency in threat modeling methodologies and tools to identify and assess potential security threats and vulnerabilities in software and systems.

4. Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security services related sources.

5. In-depth knowledge of security architecture design and best practices, including secure design patterns, access control, and data protection

7. Knowledge of cloud security frameworks  to assess and improve security measures.

8. Familiarity with security standards and frameworks, such as OWASP Top Ten, NIST Cybersecurity Framework, ISO 27001, and CIS Controls.

9. Ability to conduct risk assessments to evaluate the potential impact and likelihood of security risks and provide risk mitigation strategies.

10. Familiarity with security testing tools like vulnerability scanners, penetration testing tools, and code analysis tools.

11. Understanding of network and system architecture, protocols, and configurations to assess security at the infrastructure level.

12. Understanding of industry-specific regulations, compliance requirements, and security challenges relevant to the organization's sector.

13. Awareness of the current threat landscape, emerging security threats, and attack vectors.

 

Preferred:

1. Bachelors in computer science or other technical fields;

2. Experience in conducting security Architecture reviews and thread modeling on cloud and onprem solutions.

3. Understanding of security essentials including networking concepts, defense strategies, and current security technologies

4. Must have cloud security specialization in Security any relevant certifications, such as CISSP, CCSP, or CISA, are a plus

Employement Category:

Employement Type: Full time
Industry: IT Services & Consulting
Role Category: TestingApplication Programming / Maintenance
Functional Area: Not Applicable
Role/Responsibilies: Application Security Testing-Security

+ View Contact

Keyskills:   architecture cloud security azure review aws security cyber threat modeling application security testing modeling-design stream threat