• Good understanding of OWASP Top 10 & OWASP Mobile Top 10, with practical skills to perform secure code reviews and dynamic security assessments
• At least 5 years of experience in .NET with Web API development and Web Security profiling
• Very good experience in Azure/.NET applications, C#, web API programming, JavaScript
• REST API Concepts, Verbs, difference between Verbs, Design Patterns
• Good knowledge of Dependency Injection, Factory Patterns and Singleton, Multi-threading in Web API Security
• Experience with performance differences between SOAP, REST API, React JS and jQuery
• Good understanding of Android/iOS programming constructs & dynamic security assessment exposure
• Good Understanding of Secure DevOps integrations
• Proactive attitude to deal with volumes of flags and larger applications, with accuracy and attention to detail while scoping and configuring scans.
• Ability to multitask and meet timelines/SLAs.
• CEH certification/Security+ is mandatory with minimum of 2+ yrs of experience
• Hands-on ability to generate PoCs for flags, interpret findings and facilitate remediation assistance with moderate or little supervision.
• Ability to perform mobile security assessments (static/dynamic) will be an added advantage.
• Predominant technology landscape for app security was 60% .NET apps, 25% Java and 15% a mix of different technologies; hence the ability to interpret programming constructs is mandatory.
• Good communication and written skills are mandatory (as our analyst has to speak with dev teams across Humana and with business folks spanning different time zones)
• Expected to work a regular work schedule (9.30 – 6.30 PM), with the set expectation of working a morning or afternoon shift if required (rarely).
• Ability to work with enterprise security tools such as IBM AppScan Source/Standard, Cigital SecureAssist, Burp Suite Pro, etc.
• Remediation assistance for both App & Mobile security with a wide variety of programming languages on different platforms
• Security/CEH/CISSP preferred with hands-on expertise to deal with multiple stakeholders