Roles/Responsibilities:
· Chrome/Firefox/Edge developer tools to inspect request/response headers
· Experience with Application Security scanning tools (SAST, DAST, SCA, ASOC, Container/Cloud) a must.
· Experience with Coverity, Black Duck, STRM, Fortify a plus
· HTTP request/response headers for web pages and RESTful API calls
· Ability to explain in detail any of the OWASP Top 10 vulnerabilities
· Cross-Site Scripting (XSS), injection attacks, SSRF, CSRF, XML External Entity (XXE) injection, etc.
· API Security
· JWT
· OAuth/OIDC/PKCE
· Web and API replay attacks
· High-level understanding of containers
· Cloud development experience (Azure, AWS, GCP)
Mandatory Skills:
- 3+ years implementing/utilizing Federal, Industry and Open-Source Security Guidance and Secure Coding Practices (OWASP Top 10, SANS, CERT, CWE Top 25, Critical Security Controls, Cloud Security Alliance, SafeCode etc.)
- 3+ years with both compiled and interpreted languages and their frameworks, such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere Application Server, Red Hat JBoss, and .NET stacks
- 3+ years with networking, infrastructure, secure application development and security automation (DevSecOps).
- 3+ years of hands-on experience building and deploying secure, complex distributed web and mobile applications.