· Good understanding of OWASP top 10, SANS Top 25, CERT, WASC standards/frameworks.. Must have in-depth understanding of web technologies, web applications and Unix-like operating systems
· Hands on experience in conducting manual penetration testing for Web, API and Mobile applications. Conducting manual PT for network based vulnerability assessment
· Thorough understanding of web application vulnerabilities and their mitigation. Expertise in identify false positive and provide mitigation solution to development team.
· Experience in administration of infrastructure security activies and experience in security incident handling & security assessments. . Experience in Endpoint Security products like Mcafee, Endpoint threat detection and response technologies such as EDR
· Experience in performing hands-on activities with F5 LTM, Web application firewall deployment, configuration, policy fine-tuning and maintenance
· Hands on experience in creating WAF rules/signatures to mitigate threats and implements best practices, with troubleshooting F5 appliances
· Experience in developing iRules and apply rules within the F5 appliances, managing Zscaler cloud proxy and troubleshooting proxy issues, Performing fine-tuning of Zscaler proxy policies and on-boarding new clients
· Knowledge of common information security management frameworks, such as CIS Benchmarks for AWS, Azure and GCP, Cloud Security Alliance Guidance for critical areas of focus in Cloud Computing, Cloud Controls Matrix, and NIST 800-53.
· Experience in CI/CD implementation. Working knowledge of one or more continuous integration tools e.g. Jenkins, Bamboo.
. Performing DevOps tool integration, configuration for SecDevOps.
. Experience in working & leading vulnerability Identification and remediation process across multiple stakeholders. Proactively findings loopholes in the applications, Infrastructure, Processes, Architecture, Data