Opening with EY_ Application Securi...

EY is seeking an experienced Application Security professional to join our team in Bengaluru, Noida, or Chennai. This hybrid role requires expertise in Application Security, including SAST, DAST, DevSecOps, and IAST. The ideal candidate will have 2-15 years of experience and a proven track record in securing applications throughout the development lifecycle.

Key responsibilities include:

• Performing manual and automated SAST assessments.
• Utilizing scripting/programming skills (Python, PowerShell, Java, Perl, etc.) to enhance security processes.
• Staying updated on the latest exploits and security trends.
• Familiarity with dynamic web application vulnerability scanning tools such as Acunetix, HP WebInspect, HCL AppScan, and BurpSuite.
• Proficiency with static code analysis tools including CheckMarx, Snyk, Fortify, Veracode, Coverity, and IBM AppScan Source.
• Experience in developing complete DevSecOps CI/CD pipelines using open-source tools.
• Working with SCM tools like Github, Gitlab, and Bitbucket, and integrating them with CI/CD pipelines via webhooks and actions.
• Implementing various CI/CD phases: secret scanning, SAST, SCA, DAST, Infrastructure as Code, Compliance as Code, and vulnerability management.
• Optimizing pipelines for optimal results and developing a maturity model for DevSecOps programs.
• Understanding of common web application vulnerabilities, including the OWASP Top 10.

Required Skills:

• Application Security (SAST, DAST, IAST)
• DevSecOps
• Scripting/Programming (Python, PowerShell, Java, Perl)
• Web Application Vulnerability Scanning Tools
• Static Code Analysis Tools
• CI/CD Pipeline Development
• SCM Tools (Github, Gitlab, Bitbucket)
• OWASP Top 10