JobNob

Your Career. Our Passion.

Senior Security Test Engineer


Centific


Location

Chennai | India


Job description

Introduction

As Centific Sr. Security Test Engineer you will be responsible for assessing and validating the security posture of software applications, systems, and infrastructure by conducting various security testing activities. This role involves identifying vulnerabilities, recommending mitigation strategies, and collaborating with development teams to enhance the security of digital assets. The Security Test Engineer plays a crucial role in safeguarding the organization's data, applications, and technology from potential cyber threats and attacks.

Your Responsibilities

Security Testing Planning: Collaborate with development and architecture teams to understand application architecture, security requirements, and testing objectives. Define security testing strategies, scope, and methodologies for various types of security assessments.

Vulnerability Assessment and Penetration Testing: Conduct vulnerability assessments and penetration testing to identify security weaknesses, vulnerabilities, and potential entry points. Use tools and techniques to simulate real-world attack scenarios and assess the resilience of applications and systems.

Code Review and Static Analysis: Perform secure code reviews and static analysis to identify security vulnerabilities and coding flaws in applications. Provide actionable recommendations to developers for fixing identified security issues.

Dynamic Application Security Testing (DAST): Execute dynamic application security testing to identify vulnerabilities in running applications by simulating attacks and analyzing responses.

Security Assessment Documentation: Document findings, vulnerabilities, and testing results in detailed security assessment reports. Provide clear and concise recommendations for remediation and mitigation of identified security issues.

Security Architecture Review: Review application and system architecture designs to assess security controls, data protection mechanisms, and access controls.

Security Tool Configuration and Management: Configure, use, and manage security testing tools and frameworks (e.g., Burp Suite, OWASP ZAP, Nessus) for various security testing activities.

Collaboration and Remediation Support: Collaborate with development and operations teams to prioritize and assist in the remediation of identified security vulnerabilities. Provide guidance and support for implementing security best practices and coding guidelines.

Security Awareness and Training: Provide security training and awareness sessions to development teams to enhance security awareness and promote secure coding practices.

Required Technical and Professional Expertise

A minimum of 5+ years of experience as a Security Tester preferably in the service industry.

Bachelor's degree in Information Security, Computer Science, or a related field.

Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH) are a plus.

Proven experience as a Security Test Engineer or similar role, with a strong background in security testing methodologies and tools.

Proficiency in security testing tools such as Burp Suite, OWASP ZAP, Nessus, Metasploit, etc.

Knowledge of common security vulnerabilities (e.g., OWASP Top Ten) and understanding of secure coding practices.

Experience with manual security testing, dynamic application security testing (DAST), static analysis, and code review.

Familiarity with security standards, compliance frameworks (e.g., PCI DSS, GDPR), and industry best practices.

Strong analytical and problem-solving skills to identify and assess security risks and vulnerabilities.

Excellent communication skills to convey security findings and recommendations to technical and non-technical stakeholders.

Ability to work collaboratively in cross-functional teams and adapt to evolving security threats and technologies.

