Quality Engineer - Application Security

  • Competitive
  • Singapore
  • Permanent, Full time
  • Cognizant Technology Solutions APAC
  • 19 Oct 18

Job Description:

  • Responsible for conducting application security testing
  • Subject matter expert for the application team in terms of application security
  • Responsible for performing dynamic and static application security testing focusing on vulnerability assessments, static analysis and penetration testing using automated and manual tools
  • Produce clear but detailed test reports that show the conclusions of testing
  • Review test results and analyse data to understand software risk and areas of concern
  • Prepare, maintain and execute technical security plans
  • Explain and demonstrate application vulnerabilities and provide recommendations for mitigation
  • Communicate and provide advisory on security vulnerabilities with the project team and stakeholders
  • Work with DevOps to automate application security tests into DevSecOps and the Continuous Integration process
  • Work with the application development team to review code, and improve and educate the team on secure coding
  • Share security-related information and expertise within the project team through on-the-job coaching, pairing, formal/informal classroom training or sharing
  • Conduct internal and external security and compliance reviews on information assets
  • Monitor regulatory requirements & technology advances to identify relevant trends & threats


Job Requirements:
  • Degree or Diploma in Computer Science, Information Technology, Digital Media or related disciplines
  • Professional certification such as CISSP, OSCP, CREST, CEH, CPTC, SAN, ISTQB CFTL or other relevant certification will be an added advantage
  • Minimum 2 years' experience in secure code review in at least one of the following programming languages/environments, such as Ruby, Java, .Net, and/or Node.JS
  • Minimum 3 years' experience in penetration testing on web applications
  • Familiar with HTTP, SOAP, WSDL, REST, SSL standards, security models and common API client architecture
  • Familiar with common web application vulnerabilities, with the technical knowledge to address and mitigate vulnerabilities
  • Familiar with industrial security testing tools such as but not limited to Checkmarx, WebInspect, Fortify Suite, Burp Suite, Nessus, Kali Linux
  • Experience in a secure scrum, agile testing environment will be an added advantage

About Cognizant:

Cognizant (NASDAQ-100: CTSH) is one of the world's leading professional services companies, transforming clients' business, operating and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build and run more innovative and efficient businesses. Headquartered in the U.S., Cognizant is ranked 195 on the Fortune 500 and is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at www.cognizant.com or follow us @Cognizant.