Consultant

We are looking for a skilled and motivated Application Security Analyst with 3–5 years of experience in AppSec to join our SA&A team . The ideal candidate will be responsible for ensuring security is embedded in every stage of the software development lifecycle (SDLC). This role involves working closely with development, DevOps, and compliance teams to proactively identify and mitigate application security risks.

• Support vulnerability assessments using SAST, DAST, and SCA tools.
• Collaborate with DevOps , Vulnerability Management, IBM teams to ensure security is integrated into CI/CD pipelines.
• Manage the vulnerability management lifecycle, including triage, tracking, and remediation.
• Provide remediation guidance and recommendations to developers on vulnerabilities.
• Maintain and evolve secure SDLC practices and documentation.
• Deliver security awareness and secure coding training sessions.
• Demonstrate a willingness to learn, research, and innovate to improve the overall AppSec posture.
• Threat Modeling tool administration.

 

• Experience with the following tools:

1.   DAST: Qualys, Rapid7
2.   SAST: CodeQL, Checkmarx, Fortify, SonarQube
3.   SCA: Dependabot, JFrog Xray
4.   API Security: Understanding of API security principles and tools like Postman, OWASP

• 3–5 years of hands-on experience in application security or secure software development.
• Strong understanding of OWASP Top 10, CWE/SANS Top 25, and secure SDLC.
• Understanding of vulnerability management lifecycle and remediation workflows.
• Understanding of threat modeling concepts.
•  API Security Top 10, or API gateways with security features.
• Familiarity with penetration testing tools (e.g., Burp Suite, Metasploit, Nmap).
• Proficiency in at least one programming language (e.g., Java, Python, JavaScript, C#).
• Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI, Azure DevOps).
• Exposure to cloud security (AWS, Azure, or GCP) is a plus.

Soft Skills Required

• Strong analytical and problem-solving skills.
• Excellent verbal and written communication.
• Ability to work independently and collaboratively in cross-functional teams.
• Strong documentation and reporting capabilities.
• Proactive, detail-oriented, and eager to learn.

Good to Have Skills

• Working knowledge of DevSecOps practices and tools.
• Experience with container security (Docker, Kubernetes).
• Certifications such as CEH or equivalent.
• Familiarity with threat modeling tools (e.g., Microsoft Threat Modeling Tool, IriusRisk).
• Experience in Agile/Scrum environments.