Team Lead - Application Security - Bank

Knowledge of

• OWASP, SANS/CWE and WASC (Testing approach and top web application vulnerabilities)
• Web application, thick client, API, Mobile (Android and ios) security testing
• Vulnerability assessment and configuration audit
• Different authentication mechanism such SAML, AD, Oauth OpenID
• Dynamic and Static application security testing
• WAF Fundamentals and working
• Black box, gray box testing
• CICD will be addon

Able to

• Manage security testing life cycle starting from allocation of resource for test request to sharing the report.
• Document, explain and communicate security requirement/mitigation to technology or business stake holders.
• Take calculated risk-based decision for any change.
• Demonstrate good communication skills verbal and written
• To do the reporting

Certifications CSSLP, CISSP, OSCP