Senior Quality Engineer - Application Security
- Responsible for conducting application security testing
- Subject matter expert for the application team in terms of application security
- Responsible for performing dynamic and static application security testing focusing on vulnerability assessments, static analysis and penetration testing using automated and manual tools
- Produce clear but detailed test reports which show the conclusions of testing
- Review test results and analyse data to understand software risk and areas of concern
- Prepare, maintain and execute technical security plans
- Explain and demonstrate application vulnerabilities and provide recommendations for mitigation
- Communicate and provide advisory on security vulnerabilities with the project team and stakeholders
- Work with DevOps to automate application security tests into the DevSecOps and Continuous Integration process
- Work with the application development team to review code, improve it and educate the team on secure coding
- Share security-related information and expertise within the project team through on-the-job coaching, pairing, formal/informal classroom training or sharing
- Conduct internal and external security and compliance reviews on information assets
- Monitor regulatory requirements & technology advances to identify relevant trends & threats
- Degree or Diploma in Computer Science, Information Technology, Digital Media or related disciplines
- Professional certification such as CISSP, OSCP, CREST, CEH, CPTC, SAN, ISTQB CFTL or other relevant certification will be an added advantage
- Minimum 2 years' experience in secure code review in at least one programming language/environment such as Ruby, Java, .Net, and/or Node.JS
- Minimum 3 years' experience in penetration testing on web applications
- Familiar with HTTP, SOAP, WSDL, REST, SSL standards, security models and common API client architecture
- Familiar with common web application vulnerabilities, with the technical knowledge to address and mitigate vulnerabilities
- Familiar with industrial security testing tools such as but not limited to Checkmarx, WebInspect, Fortify Suite, Burp Suite, Nessus, Kali Linux
- Experience in a secure scrum, agile testing environment will be an added advantage
- Good communication and interpersonal skills
- Good analytical and writing skills
- Good team player and meticulous
Cognizant (NASDAQ-100: CTSH) is one of the world's leading professional services companies, transforming clients' business, operating and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build and run more innovative and efficient businesses. Headquartered in the U.S., Cognizant is ranked 195 on the Fortune 500 and is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at www.cognizant.com or follow us @Cognizant.