Security Test Lead

The primary objectives of the Security Tester are to deliver and enhance various security services.
The services include technical security assessments of applications and infrastructure, design
reviews as well as risk assessments. This is a hands-on role, requiring technical skills from the
hardware to the application layer.

Responsibilities:
Perform application and infrastructure penetration tests

Review and define requirements for information security solutions

Perform security reviews of application designs, covering all types of applications (web
application, web services, mobile applications)

Publish and perform the Security/Penetration tests and certify the release of web applications

Work with developers, product development, and operations teams to develop Security
testing strategy

Ability to track test execution, facilitate and drive testing effort.

Conduct application security testing of web and mobile websites to assess vulnerabilities.
Conduct manual and automated testing of applications and databases, and conduct
white/black/grey box testing

Devise methods to automate testing activities and streamline testing processes

Read and analyze global policies and adjust internal requirements accordingly

Conduct hands-on testing, analyze test results, document risks, and recommend
countermeasures

Elaborate tests and deliver written reports suitable for viewing by clients

Researching, evaluating and developing relevant Testing tools and methods

Must have strong troubleshooting/problem solving skills.

Excellent communication and reporting skills to executive management on testing activities
and issues.

Copyright 2017 Skava Inc. All rights reserved. Confidential and Proprietary

Minimum Qualifications:
Bachelor's or Master's in Engineering or a related technical field (in lieu of a degree, relevant
skills or equivalent experience).

Should have strong knowledge of security tools like Burp Suite, OWASP ZAP, Fiddler, Nessus,
Netsparker, Vega or related tools.

Strong understanding of and hands-on experience with application and infrastructure
vulnerabilities, automated/manual testing, auditing and remediation techniques

Strong understanding of OWASP and the WASC 2.0 Threat Classification

A clear understanding of HTTP protocol concepts (cookies, sessions, headers, LocalStorage)

6+ years of working experience in IT Security, preferably with exposure to application
security testing

Should have exposure to JIRA or related tools.

Working knowledge of Security principles, techniques and technologies

Good understanding of network protocols, design and operations

Preferred Qualifications:
Application development background; example languages include C, C#, C++, Java, J2EE

Understanding of server and client side application development
