Senior Specialist I - Product Security & Privacy

• This is individual contributor role. As part of the larger Security and Privacy team, the Application Security Engineer.
• Perform comprehensive Dynamic Application security Testing (DAST)
• Understand and analyses the applications from security point of view.
• Understand the application security risks and Threat modelling of applications.
• Good to have source code review experience.
• Create and execute the corresponding security test cases to verify that the mitigations are properly implemented in the application.
• Able to guide and support development teams to fix the security vulnerabilities in the code.
• Good to know Python coding and Security Automation .

• Understanding and familiarity with common code review methods and standards.
• Experience with static analysis tools (e.g., Git hub advance security, IBM Appscan Source, HP Fortify, Synopsys BlackDuck)
• Experience in Security automation framework development or scripting language is a plus.
• Knowledge of standard Secure Development Life Cycle practices.
• Experience with Kubernetes, Amazon Elastic Kubernetes Service (Amazon EKS) security testing is a plus.
• Research and pilot new services / technologies to support secure software development
• Experience in tools like Burp Suite Pro, HP Webinspect/IBM Appscan/Acunetix and open source tools like burp, OWASP ZAP, CSRF tester etc, Burp Suite
• Experience with Open Web Application Security Project (OWASP) standards, Open Source Security Testing Methodology Manual (OSSTMM) methodologies
• Knowledge in cloud & Big data application security testing
• Sufficient understanding or exposure to testing application on below technology will be helpful

• Bachelor degree in technical stream required ( BE, ME, MS, MCA)

• Degree or concentration in Computer Science, Information Systems, Information Security or similar preferred.

Philips