Technical Solutions Architecture Analyst @ NTT Data

Role overview

Application Security analyst is responsible for building solution offerings of Application Security as a service comprising of Secure Code Review (SAST, OSA DAST), IAM, Vulnerability Assessment, Monitoring for client. Candidate will be responsible for application security solution roadmap, implementation as a consulting stream. Build a relationship with NTT client and act as a COE for application security area. Understand existing and forthcoming security technology consulting services from both a business and technical perspective

Role Responsibilities

• Assist development teams to scan/test using CheckMarx and AppScan (Standard Enterprise)
• Triage the scanned tool report results
• Review findings with appropriate stakeholders followed by categorize the findings (True findings, False positive, etc.)
• Provide remediation guidance for each release after FP analysis
• Evaluate the risk and communicate with Application Security team, Stakeholders
• Generate report which includes risk description, impact, risk rating, affected areas and recommendation on how to remediate vulnerabilities
• Assist stakeholders in remediation of findings
• Re-test to confirm remediation of findings and closeout with stakeholders
• Generate status reports periodically
• Document critical issues in internal assessment tools
• Able to review code manually to find security vulnerabilities

Technical experience and skills

• 3-5 years Application security experience including development experience
• Mandatory Expertise in CheckMarx (SAST) and AppScan (DAST) tools
• Experience on other tools such as Postman, Soap UI, Burp suite
• Remediation experience on Java, Jscript, JavaScript, Scala etc.
• Desired to have experience on DevSecOps to on-board the scanning components to CI/CD pipelines.

Qualifications and other skills/ competencies:

• Degree in Computer Science / Engineering
• Excellent communication and interaction skills
• Self-initiator, interact, coordinate and collaborate with teams
• Certifications like CEH, CISSP, CISM, CISA is an added advantage