| Essential Skills: | Expertise in web application security testing Experience in security testing with SAST, SCA, DAST, IAST, Fuzz and penetration testing tools Expertise in mobile application security testing Expertise in Web application firewall Hands-on experience with DevSecOps tools and practices, including static code analysis, security scans, and automated testing. Understanding of application security standards such as OWASP ASVS/Top 10 and CWE 25 Ability to Client and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond). Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP. Experience with security tools like Fortify, CheckMarx, VeraCode, BurpSuite, Snyk, Nessus Familiar with tools like Git, Jenkins, CircleCI, Maven, Ant, Gradle, Nexus, SonarQube, Artifactory, Chef, Splunk Strong knowledge of cryptography, API security, and secret management Security certifications such as OSCP Excellent interpersonal and communication skills, with the ability to work effectively with all levels of management. |