Associate Consultant - Identity Management Job
Hyderabad, TG, IN; Bangalore, KA, IN
YASH Technologies is a leading technology integrator specializing in helping clients reimagine operating models, enhance competitiveness, optimize costs, foster exceptional stakeholder experiences, and drive business transformation.
At YASH, we’re a cluster of the brightest stars working with cutting-edge technologies. Our purpose is anchored in a single truth – bringing real positive changes in an increasingly virtual world, and it drives us beyond generational gaps and disruptions of the future.
We are looking to hire Identity Management Professionals in the following areas:
Position Name: Application Security Lead
Description
YASH is a digital services enabler organization delivering a vast portfolio of digital services to customers across the globe. Our topline services include Cybersecurity services. We are looking for a candidate with strong security testing skills pertaining to Application Security Testing. This role will be part of YASH’s vibrant Cybersecurity – Application Security services team.
As an Apps Sec Expert, you will be responsible for assessing the security of different types of applications developed in the client environment. Work with development teams or vendors to detect, prioritize and remediate security flaws within the applications. Collaborate with IT and the business to identify and implement appropriate software development related security controls.
Position: Application Security Consultant
Number: 01
Location: Across India
Total Experience: 5 – 7 years
How do you grow and be successful:
At YASH, we will offer all the support you need to grow in your career. At the very beginning, once your onboarding is completed, you will gain deep knowledge of the current Application Security practice. You will be measured on your positive contribution in delivering the services to our customers.
All our employees will have global exposure from day 1. We will offer you the chance to learn multiple security technologies and solution training programs. Our career path program lets aspiring candidates reach the highest positions and build a global career.
Key responsibilities
- Perform application security assessment for web, cloud, mobile, and thick client applications
- Perform different types of application security assessments as needed; this involves application penetration testing, network penetration testing, attack surface evaluation, threat modelling and security design reviews
- Perform web services (APIs) penetration testing and analyze communications between client and servers
- Perform manual penetration testing of applications using appropriate tools and techniques to uncover critical security vulnerabilities in the software, the infrastructure, the configuration and business logic
- Check separation of duties and access controls, review accounts management and check SSL certificates
- Perform risk analysis and define prevention and mitigation controls for application vulnerabilities
- Explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to application development teams or application vendors, and discuss effective defensive techniques
- Provide mitigation strategies for applications from infrastructure, architecture and secure coding perspectives.
- Utilize application security scanning tools, interpret reports and validate identified vulnerabilities and associated risks
Qualifications:
- Bachelor’s or Master’s Degree (IT, Computer Science, Cybersecurity, Telecommunications, Engineering, etc.)
- 5 – 7 years of equivalent experience
- Professional information security certification (CSSLP, CISM, CEH, CISSP, GPEN, GWAPT, OSCP or similar)
- Experience with software penetration testing, architectural risk assessment, threat modelling, static code analysis and secure code review
- Experience with network penetration testing, firewalls configuration, network architecture and security
- Experience in manual penetration testing of websites, APIs and networks using a variety of tools and technologies
- Experience in testing network isolation, escalation of privileges, authentication, expanding the attack surface and exploiting vulnerabilities
- Experience with mobile application security testing on iOS and Android platforms
- Experience securing applications on a myriad of platforms and languages including Java, .Net, Angular, etc.
- Experience in OS hardening on Windows and Linux environments
- Experience with a variety of testing tools, including: HCL AppScan, Burp Pro Suite, Veracode, Qualys Suite, NMAP, Metasploit, Kali Linux, Wireshark and OWASP ZAP.
- Understanding of common Web Application vulnerabilities like XSS, CSRF, and others.
- Experience in identifying and resolving false positive findings in assessments
- Firm understanding of networks, operating systems and data-center architecture.
- Familiarity with cloud technologies (IaaS, PaaS, SaaS, containers) on Google, Azure and AWS environments
- Experience performing Red Team and Blue Team operations is a strong plus.
Other requirements
- Travel will be required on a need basis.
- You will be working during client business hours based on the project you are allocated to.
- Office reporting is flexible, and hybrid working is encouraged for this role. However, reasonable reporting to the office for project meetings and client meeting attendance is mandatory.
- Reporting on all working days may be subject to project or organization demand.
- Ability to work in a globally distributed setting without supervision
- Self-driven, Proactive, Systems Thinking
- Strong organizational, personal discipline and time management skills to manage multiple tasks and changing priorities.
- Ability to properly handle confidential information and personnel-related matters
- Strong process-oriented skills for troubleshooting, problem solving and problem resolution
- Ability to work with others to deliver and provide a high level of service
- Strong communication skills, both verbal and written, with the ability to talk to both business and technical people
At YASH, you are empowered to create a career that will take you to where you want to go while working in an inclusive team environment. We leverage career-oriented skilling models and optimize our collective intelligence aided with technology for continuous learning, unlearning, and relearning at a rapid pace and scale.
Our Hyperlearning workplace is grounded upon four principles:
- Flexible work arrangements, Free spirit, and emotional positivity
- Agile self-determination, trust, transparency, and open collaboration
- All support needed for the realization of business goals
- Stable employment with a great atmosphere and ethical corporate culture