Senior Application Security Architect
Likewize
Job Summary
The Application Security Assessment Specialist/Engineer is responsible for evaluating the security posture of web, mobile, and API-based applications and their dependent infrastructure through manual and automated assessments. This role involves hands-on experience in various security testing techniques, including architecture and design review, threat modeling, static and dynamic analysis, and penetration testing. The specialist will also contribute to red team capabilities, develop custom tools, and possess strong knowledge of industry security standards and tools.
Must Have
- Evaluate the security posture of web, mobile, and API-based applications and their dependent infrastructure.
- Hands-on experience with architecture and design review, threat modelling, and static analysis (SAST).
- Experience with manual secure code review / deep code dive and dependency and supply-chain analysis.
- Proficiency in dynamic analysis (DAST), interactive analysis (IAST), and configuration and IaC review.
- Experience with database security testing, mobile app tests, and API endpoint tests.
- Ability to perform a deep-dive study and provide an ASVS report.
- Hands-on experience with white-box and grey-box testing techniques.
- Red team capability to test applications/infrastructure and provide recommendations.
- Technical expertise in penetration testing, exploit development, and social engineering.
- Programming skills in Python, Ruby, C/C++, Bash for custom tools, payloads, and automating tasks.
- Knowledge of API testing (Postman, Swagger), Java, .NET, Python, JavaScript, and Node.js.
- Hands-on skills to modify existing exploits or create new ones for novel vulnerabilities.
- Good knowledge of NIST, PCI DSS, ISO 27001, OWASP Top 10, ASVS, CWE/SANS 25, CAPEC, and MITRE ATT&CK for applications.
- Hands-on experience with tools such as Burp Suite, Checkmarx, Veracode, Fortify, HCL AppScan, or Netsparker.
- Bachelor’s degree in any engineering stream, Computer Science, Information Security, or equivalent.
- 10-15 years of experience in application security architecture, security assessment, penetration testing, or related roles.
- Good communication, stakeholder management, negotiation, and presentation skills.
Good to Have
- Preferred certifications: OSWE, OSCP, GWAPT, CPT, CEH, or GIAC GWEB, GIAC (GRTP), (CCRTS).
- Strong analytical and problem-solving skills.
- Deep understanding of web, mobile, and API security concepts.
- Excellent written and verbal communication skills for technical and non-technical audiences.
- Ability to work independently and in cross-functional teams.
Job Description
Position: Application Security Specialist
Company: Likewize
Location: Chennai
Job Summary: The Application Security Assessment Specialist/Engineer is responsible for evaluating the security posture of web, mobile, and API-based applications and their dependent infrastructure through manual and automated assessments.
Key Skills:
1. Hands-on experience with architecture and design review, threat modelling, static analysis (SAST), manual secure code review / deep code dive, dependency and supply-chain analysis, dynamic analysis (DAST), interactive analysis (IAST), configuration and IaC review, database security testing, mobile app tests, and API endpoint tests; able to perform a deep-dive study and provide an ASVS report.
2. Hands-on experience with white-box and grey-box testing techniques.
3. Red team capability to test our applications/infrastructure and provide recommendations.
4. Key skills also involve reconnaissance, threat intelligence, and the ability to create custom tools to evade detection while mimicking real-world adversaries, as well as strong communication skills for reporting findings.
5. Technical expertise in penetration testing, exploit development, and social engineering.
6. Programming skills in languages like Python, Ruby, C/C++, and Bash, crucial for developing custom tools, payloads, and automating tasks. Knowledge of API testing (Postman, Swagger), Java, .NET, Python, JavaScript, Node.js, etc.
7. Hands-on skills to modify existing exploits or create new ones for novel vulnerabilities.
8. Good knowledge of NIST, PCI DSS, ISO 27001, OWASP Top 10, ASVS, CWE/SANS 25, CAPEC, and MITRE ATT&CK for applications.
9. Hands-on experience with tools such as Burp Suite, Checkmarx, Veracode, Fortify, HCL AppScan, or Netsparker, etc.
10. Preferred certifications: OSWE, OSCP, GWAPT, CPT, CEH, or GIAC GWEB, GIAC (GRTP), (CCRTS).
11. Strong analytical and problem-solving skills.
12. Deep understanding of web, mobile, and API security concepts.
13. Excellent written and verbal communication skills for technical and non-technical audiences.
14. Ability to work independently and in cross-functional teams.
Qualifications, Experience and Skills
1. Bachelor’s degree in any engineering stream, Computer Science, Information Security, or equivalent.
2. 10-15 years of experience in application security architecture, security assessment, penetration testing, or related roles.
3. Good communication, stakeholder management, negotiation, and presentation skills.