Description

You will audit web and mobile application security through deep technical analysis and vulnerability assessment.

Responsibilities

• Analyze HTTP request/response headers for web and RESTful API calls using browser development tools.
• Identify and explain vulnerabilities including OWASP Top 10, XSS, Injection, SSRF, CSRF, and XML entity attacks.
• Assess API security implementations involving JWT, OAuth, OIDC, and PKCE.
• Evaluate security within containerized environments and cloud development platforms.
• Implement secure coding practices and security automation within DevSecOps workflows.

Required Skills

• 5+ years of total IT experience.
• 3+ years implementing security guidance such as OWASP Top 10, SANS, CERT, CWE Top 25, or Cloud Security Alliance.
• 3+ years of hands-on experience building and deploying secure distributed web and mobile applications.
• 3+ years of experience with networking, infrastructure, and security automation.
• Proficiency with application security scanning tools including SAST, DAST, SCA, ASOC, and Container/Cloud security.
• Experience with both compiled and interpreted languages including Angular, React, Node.js, Java, Spring Boot, .NET, or IBM WebSphere.
• Knowledge of cloud platforms such as Azure, AWS, or GCP.
• Understanding of web and API replay attacks.

Preferred Skills

• Experience with Coverity, BlackDuck, STRM, or Fortify.

Key Skills

Education

Any Graduate