


Security Tester Full-time

at AVEVA in Hyderabad (Published at 04-11-2015)

Job Purpose

To be a senior member of the test team based in Hyderabad. The senior test engineer (Security) will report to the test manager in Hyderabad.

The senior test engineer (Security) will be responsible for ensuring the high security standards of AVEVA software deliveries to customers.

The role of the senior test engineer (Security) is to independently research and prepare the security test plan, threat model and security testing project schedule for multiple projects. He must be able to identify attack entry points, assess risk and prepare a test strategy for them.

Principal Accountabilities

• Independently advise stakeholders on the best security test strategy to use for each project.
• Define the security testing framework and best practices for the PD testing group.
• Exploit security flaws and vulnerabilities with attack simulations on multiple systems and projects working against specific focused scopes of work.
• Integrate the security testing activity into the development/testing lifecycle.
• Perform web application penetration testing (manual and automated), pinpoint the security issues and suggest countermeasures for security improvements.
• Research and develop security testing tools, techniques, and process improvements.
• Assist test management to ensure the delivery of security testing activities throughout the duration of a project until release.
• Mentor junior engineers where necessary to build their skills and contribution levels in security testing.
• Execute and monitor security tests, providing regular status reports as required.

Important Working Relationships

• Work closely with the ISV test management team to define the security test objectives.
• Work effectively with development and project implementation team members.
• Work with the test management and senior test specialists for security tools and technical support.

Required knowledge, Skills & Experience

• A degree-level qualification in a relevant discipline or the equivalent level of experience gained in industry. An engineering degree and/or experience is a plus, as is experience in the gas and oil industry.
• Knowledge of security best practice guidelines. Familiarity with one or all of the following: Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
• Perform manual vulnerability assessment and penetration testing of applications, produce reports and walk the development team through issues.
• Experience with application security testing / penetration testing tools such as Acunetix, WebInspect, Burp Suite and Fiddler.
• Total of 6+ years of experience, with a minimum of 4+ years in security/penetration testing with specific application penetration testing experience.
• Certification in any of the following is desirable: CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker) or CISM (Certified Information Systems Manager).
• Knowledge of the agile development methodology and the ability to work with different scrum teams.
• Ability to solve complex technical problems and articulate to both technical and non-IT personnel.
• Provides technical guidance and mentorship to team members, as appropriate.
• Stay abreast of newer trends in tools and technologies used for web application security.
• Excellent English with good communication skills, both verbal and written, in a concise and accurate manner.

Personal Attributes

• Effective communication skills
• Efficiency and effectiveness
• Analytical and logical thinking
• Sense of intellectual curiosity and creativity
• Critical thought and rational enquiry
• Ability to apply basic and fundamental knowledge
• Enthusiasm for learning
• Planning and time management skills

Technical skills
• Must possess a strong knowledge of enterprise application architecture and technologies, including web and web services.
• Very strong understanding of browser concepts, HTTP, HTTPS, SSL, encryption, etc.
• Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.
• Relevant security tools knowledge in some or all of the following:
   • Network and web application scanners
   • Open source security tools such as proxies, fuzzers, etc.
   • BackTrack, Nessus, nmap, Metasploit, vulnerability scanning tools, tcpdump, Wireshark, Nikto, etc.
   • Web proxy tools such as Paros and/or Burp
   • Source code analysers such as SONAR, VeraCode, HP Fortify Source Code Analyzer...
• Familiarity with one or all of the following: C#, C++, Java, Visual Basic, PHP, Perl, Unix shell, Python, etc.
   • Should be able to perform code review to identify vulnerable code snippets.
   • Should be familiar with code analysis tools.
• In-depth knowledge of Microsoft OSs, server technologies and Linux OS
• Strong knowledge of SQL Server database, applications, and web server design and implementation

Note: Applications have been closed.
