Principal Infrastr Eng

Mphasis (Bangalore, KA, India) 12 days ago

Job Description

Role: Application Security Tester (L6)

Location: Bangalore

Who are we looking for?

The cybersecurity delivery team that owns the managed security services for this client has an opening for a PAM Engineer specialized in the Conjur secret management tool, CyberArk version 11.1 PAS, and CyberArk Application Access Manager (AAM).

Technical Skills:

 8+ years of working experience and strong understanding of Static and Dynamic Application Security Testing (vulnerability assessment & manual penetration testing) of web applications, web services, APIs and microservices, including in the cloud

 Working experience and good understanding of application development, SDLC process and DevSecOps

 In-depth knowledge of Static & Dynamic Application Security Testing and manual penetration testing tools

 Strong understanding of architecture diagrams & evaluating complex applications

 An expert in Threat Modeling concepts and able to follow STRIDE/ VAST/ PASTA methodology using a tool or manually

 Review Threat models & engineer security controls to protect application, data and systems

 Strong information security threat & risk-based prioritization abilities

 Good hands-on understanding of Microsoft SDL tool or Threat Modeler tool

 Analyze vulnerability reports, segregate & prioritize the vulnerabilities and do impact analysis, risk assessment and identify false positives

 Solid foundation of common software vulnerabilities and their remediation/ mitigation techniques

 Working knowledge of regulatory and industry security standards (e.g. GDPR, HIPAA, PCI DSS, SOX, NIST and GLBA)

 Working knowledge of vulnerability assessment using industry best practices such as OWASP top 10, CWE/ SANS TOP 25 standards

Process Skills:

 Produce actionable, threat-based reports on security testing results

 Demonstrate security testing results, explain the threat presented by the results, and consult on remediation/ mitigation

 Coordinate and follow up with application developer teams on remediation until it is fixed within defined timelines

 Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators

 Capable of analyzing customer requirements and designing/implementing per the project-defined process

 Demonstrated strong personal mastery, including ethics, interpersonal skills, and engagement in continuous learning

 Has ability to drive resolution of problems

 Able to communicate and present complex issues with assurance and confidence

 During troubleshooting calls, demonstrates good skills in questioning, listening, idea development, permission and rapport, and influencing

 Ability to work with a team to provide written responses to technical tasks and/ or reports/ documentation

Behavioral Skills:

 Excellent communication skills, both verbal & written

 Participates as a team member and fosters teamwork by inter-group coordination within the modules of the project

 Effectively collaborates and communicates with the stakeholders and ensures client satisfaction

 Fosters and maintains relationships with key stakeholders and business partners


 Somebody who has 8+ years of work experience in the security domain

 Education qualification: B. Tech, BE, BCA, MCA, M. Tech or equivalent technical degree from a reputed college

Certification: CEH

