Application Security Expert
About the Job
Applications Security Expert
Schneider Digital is the global IT organization within Schneider Electric. The Applications security and compliance framework is a Schneider Digital initiative to elevate the level of security and compliance of the applications that the organization delivers.
The Applications Security Expert will work with project teams to ensure applications meet strict security policies.
- Understanding project deliverables and application details
- Running automated and manual security checks (not limited to tools) to uncover security holes in the system
- Proposing mitigation steps for identified risks and threats
- Providing recommendations from a security perspective based on understanding of application and results of checks
- Working with the Regional CISO and Digital Risk Leaders, and keeping up to date with Schneider Digital standards, policies and tools
Requirements for Applications Security Expert
Behaviors and Competencies
The Applications Security Expert must demonstrate mature behaviors including:
- Strong written and verbal international communication skills, with a proven ability to communicate with technical staff as well as project teams
- Keeping pace with standards and technologies related to security
Education and Training
- BE or MS or MCA in Computer Science or Information Technology or related fields
- M. Tech in Computer Science or Information Technology or related fields
- Certifications - OSCP, OSCE, GPEN, GXPN, GICSP, GWAPT, OSWP, etc.
- Security - Web, Mobile, Thick Client, Network, etc.
- Applications Development & Delivery
- Communications (Written and Oral)
- Interpersonal Skills
The Applications Security Expert should have in-depth knowledge and experience of the following:
- Pentest standards and methodologies, OWASP
- Subject matter expert in web/mobile/thick client/API/IoT/IIoT assessments
- Good understanding of server vulnerabilities (Linux, Windows) and hardening
- Familiarity with cloud platforms (preferably AWS)
- Efficient and effective usage of pentest tools, while demonstrating less dependency on tools
- Experience with automation, scripting (Python, Perl, Ruby, etc.)
- Proactive interest in emerging technologies and techniques related to penetration testing
- Ability to translate technical security topics in a business-friendly manner
- Demonstrable teamwork skills and resourcefulness
- 5+ years of experience in IT security
- Min 2+ years of experience in penetration testing of web/mobile (iOS & Android)/API/thick client
- Experience with red teams or CTF (Capture the Flag)
- Experience with reverse engineering
- Presented exploit PoC/research concepts at forums like exploit-db
- Participated in national/international cybersec conferences