IT Security Analyst Specialist - (SAST, DAST, Threat Modelling , SCA) at FIS

Pune, maharashtra, India -

Full Time

Start Date

Immediate

Expiry Date

23 Jan, 26

Salary

0.0

Posted On

25 Oct, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Application Security, SAST, DAST, Threat Modeling, SCA, API Security, Secure Code Review, Cryptography, Identity And Access Management, Threat And Vulnerability Management, Burp Suite, OWASP ZAP, AppScan, WebInspect, Fortify, Veracode

Industry

IT Services and IT Consulting

Description

As the world works and lives faster, FIS is leading the way. Our fintech solutions touch nearly every market, company and person on the planet. Our teams are inclusive and diverse. Our colleagues work together and celebrate together. If you want to advance the world of fintech, we’d like to ask you: Are you FIS? About the team: It’s an amazing opportunity to join a Talented team of innovative and committed folks doing interesting work at the world’s largest global provider dedicated to financial technology solutions! What you will be doing: Develop policy and standards for application security Primarily responsible for application security but with a good working knowledge of other security domains (Cryptography, Identity and Access Management, Threat and Vulnerability Management) Experience and knowledge in static application security testing (SAST), dynamic testing (DAST), Threat Modeling, Software Composition Analysis (SCA), Application Programming Interface (API), and related tools like Veracode / Checkmarx / Fortify / Black Duck What you bring: 9+ years of working experience in development and application security that includes API, SAST, DAST, SCA, Secure code review ,Threat Modeling and container scanning Experience and knowledge in static application security testing (SAST) and related tools like Veracode / Checkmarx / Fortify. Experience and knowledge in Burp Suite tool for dynamic testing (DAST). Primarily responsible for application security but with a good working knowledge of other security domains (Cryptography, Identity and Access Management, Threat and Vulnerability Management). Knowledge of security technologies (encryption, data protection, design, privilege access, etc.) Experience establishing and maintaining effective working relationships with employees and/or clients Strong knowledge of development and application security Hands-on experience performing application API security assessment, static and dynamic security assessments with tools such as: Burpsuite, OWASP ZAP, AppScan, WebInspect, Fortify, Veracode, Checkmarx, etc. Knowledge of OWASP Top 10/ SANS Top 25, identify vulnerabilities via manual and automated testing methods and how to effectively remediate vulnerabilities associated with each Expert knowledge of information security principles, web applications, and intermediate familiarity with malicious code and common hacking techniques used by malicious actors What we offer you: A career at FIS is more than just a job. It’s the change to shape the future of fintech. At FIS, we offer you: A voice in the future of fintech Always-on learning and development Collaborative work environment Opportunities to give back Competitive salary and benefits Privacy Statement FIS is committed to protecting the privacy and security of all personal information that we process in order to provide services to our clients. For specific information on how FIS protects personal information online, please see the Online Privacy Notice. Sourcing Model Recruitment at FIS works primarily on a direct sourcing model; a relatively small portion of our hiring is through recruitment agencies. FIS does not accept resumes from recruitment agencies which are not on the preferred supplier list and is not responsible for any related fees for resumes submitted to job postings, our employees, or any other part of our company. #pridepass

Responsibilities

Develop policy and standards for application security. Primarily responsible for application security with knowledge of other security domains.