• Prepare risk-based test plans and perform security testing (tool-based testing, manual penetration testing, source code review, etc.) on the different layers of those information systems in support of Certification & Accreditation.
• Understand the trend of application security and work with teams to remediate any vulnerabilities identified during the security testing.
• Review the security architecture evaluation of new systems and create security test plans based on existing and planned controls and recommendations.
• Perform security analysis of the different layers of the systems (application, operating systems and database layers) by performing manual testing and automated system vulnerability assessment scans using various web, application, operating systems, source code and database vulnerability scanners.
• Review scanner result reports and work with the application development community to remediate issues following a risk-based approach.
• Perform manual vulnerability assessment and penetration testing of applications, produce reports and walk the development team through the issues.
• Perform source code reviews to identify security vulnerabilities in source code (static analysis) when needed.
• Perform mobile application security testing (both native and web based mobile applications) on different mobile platforms (iOS and Android).
• Help develop and maintain OIS application security testing processes and procedures to incorporate new technologies and testing methodologies.
• Perform security assessments against individual services of entire AWS accounts.
• Stay abreast of newer trends in tools and technologies used for application security.
• Integrate code changes for security into DevOps.
• Automate and develop SecDevOps in the CI/CD pipeline using Python.
• Ability to perform cloud security assessments against individual services of entire AWS accounts.