
Application Security Auditor

This position is closed as of 2019-09-13


Reporting Structure

Reports to Sr. Manager - Systems Audit


  • Graduate in Computer Science or B. Tech

Experience (years):

  • 5-8 years of experience in audit and risk assessment services for web and client-based applications
  • Must have experience in conducting risk assessment of business and support applications
  • At least 2 years of experience in mobile applications assessment/audits in a medium to large enterprise
  • Must have hands-on experience in evaluating OWASP security practices for applications
  • Must have experience in implementing or consulting engagements in Secure SDLC projects
  • Must have experience in coding and application development
  • Strong knowledge of programming languages for application and mobile development
  • Experience in carrying out code review and black/grey/white box testing is a plus
  • Excellent written, oral communication and presentation skills
  • Excellent organizational, communication and interpersonal skills
  • Ability to work independently or as part of a team


Information technology / Financial services


  • Developing project plans, work programs, evaluating system controls, documenting results, making recommendations, and communicating information to stakeholders
  • Conduct audits of web, mobile and client-based applications, both internal and those exposed to the Internet
  • Audit application design components, user access control, website communication, the application layer, interfaces to databases, etc.
  • Identify and draft thought leadership articles pertaining to technology-aligned operational and other categories of risk
  • Audit change management, patch management, incident management, backup management
  • Audit the development practices (S-SDLC) and coding practices
  • Should be a self-learner and must keep updated with new regulations, developments and technologies related to cyber security
  • Develop and maintain audit checklists and documents
  • Review vulnerability assessment and penetration test reports for effectiveness
  • Research the public domain to maintain up-to-date knowledge of the latest application security threats and vulnerabilities
  • Candidate will have to travel extensively within Mumbai and across the country for performing audits
  • Contribute to service and process improvements aimed at improving cyber security resilience in the banking sector
  • Continuous learning in identified security competencies and new/emerging technologies


  • MCSD
  • Certification in Mobile Application Security testing
  • CISA
  • Oracle certified, Java certifications

Employment Type

  • All positions are on fixed term contract on a full-time basis exclusively for ReBIT, initially for a period of three years, extendable by mutual consent.