- Experience in conducting application security assessments i.e. Architecture and Design review, Code Review and Penetration testing (Ethical Hacking) and Vendor Risk Assessment.

- Working knowledge of key security technologies i.e. Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)

- Working knowledge of executing source code analyzers to unearth security vulnerabilities in the source code

- Run and analyse security Penetration testing and pinpoint security issues and suggest countermeasures for security improvements

- Knowledge of attack vectors from OWASP, WASC and mitigation of the same.

- Knowledge in various open source security tools such as proxies, fuzzers etc

- Proven expertise in web technologies (Java/J2EE/Struts/ .NET / PHP / Java Script etc.).

- Strong understanding of HTTP, HTTPS, SSL, TLS, SFTP Protocols

- Proven ability to quickly earn the trust of sponsors and key stakeholders; mobilize and motivate teams; set direction and approach; resolve conflict; deliver tough messages with grace; execute with limited information and ambiguity

- Capable of understanding end user requirements from security perspective

- Sound business and technical acumen

Good to Have :

- Integrate Security into DevOps and enable security automation in CI/CD pipeline

- Professional Qualification : CEH, ECSA, LPT or Any other equivalent certification.

- Focused and versatile team player that is comfortable under pressure

- Ability to remove barriers and enable teams to complete their objectives

- Excellent problem-solving and critical-thinking skills

- Understanding of emerging technologies and corresponding security threats

- Self-motivated, flexible, with a can do attitude.

- Solid influencing skills

- Ability to pick up business knowledge, new technology areas, new processes/methodologies and apply these changes in the day-to-day working to improve Security organisation.