Application Security Consultants - Application Security Testing

• Help managing a group of people and projects.
• Definition, implementation, and execution of security testing processes into the software development life cycle.
• Validation of application security architecture elements.
• Documentation of security requirements for applications (web, mobile, SOA, etc.) aligned with security testing processes.
• Obtain and validate measurement of KPI and KRI related to security in applications.
• Build PoC with clients to determine best security testing tools to be applied.
• Vulnerability lifecycle management on client environment.
• Collaborate with clients to define the best approach to maximize the security posture.

Core Skills (Must Have)

• Experience in conducting security checks (static, software composition, dynamic code analysis, vulnerability analysis in applications, and application penetration tests), analyzing test results, documenting risks, and recommending countermeasures.
• Develop and document security evaluation test plans and procedures.
• Assist in researching, evaluating, and developing relevant Information Security policies and guidance.
• Actively participate in or lead technical exchange meetings and application review boards, documenting action items/results of these events.
• Develop, assemble, and submit testing results reports that document testing activity and results to support the creation of risk assessments and approval packages.
• Assess/calculate risk based on threats, vulnerabilities, and shortfalls uncovered in testing.
• Experience in testing API security (also related to mobile applications).
• Security knowledge in web applications and common vulnerabilities.
• Knowledge of security in micro-services and single-page applications is valuable.

Applicants must have a Computer Science, Telecommunications, or Engineering degree or a related field, with experience in performing Application Security testing. Selected candidates will take part in Application Security and other Security projects in global & leading companies operating different markets., * General knowledge in at least one of the most enterprise-used programming languages (Java/C#, .NET, C/C++, JavaScript, PHP, Ruby/Perl/Python, Java Android/Kotlin, Objective-C/Swift, PowerShell).

• Experience with static code analysis solutions (Checkmarx, Veracode, Kiuwan, Fortify, SourceClear, BlackDuck, Nexus, SonarQube).
• Experience with software composition analysis solutions (Dependency-Check, SourceClear, WhiteSource).
• Experience with dynamic application analysis solutions (Burp Suite, Postman, MobSF, Qualys, Acunetix, Nessus, WebInspect).
• Knowledge of authentication and authorization (SOA security, mobile applications, REST, JSON, OpenID, OAuth, WebToken, SSO).
• Experience with security standards such as OWASP Testing Guide, OWASP TOP 10, OWASP ASVS, CWE, MITRE, CAPEC, SANS 25.
• Experience with OWASP TOP 10, OWASP ASVS, CWE, MITRE, CAPEC, SANS 25.

Accenture, recognized as a Great Place To Work®, is a leading global professional services company that helps major businesses, public administrations, and other organizations around the world develop their digital core, optimize their operations, accelerate revenue growth, and improve services for citizens, creating tangible value at speed and scale. Would you like to be part of a team of over 19,000 cybersecurity specialists worldwide? Accenture has an opportunity for you to join our Cybersecurity team. An Application Security Testing analyst analyzes a given situation to determine which security testing approaches are most likely to succeed, implements them, and evaluates their effectiveness. The role also involves demonstrating the attacker mentality by discovering key information about a target, performing actions in a protected environment that a malicious person would perform, and understanding how evidence of the attack could be deleted. As a member of the Security Team, the Application Security Testing Analyst will work in a collaborative environment where sharing skills and expertise is part of its DNA, cultivating a culture of security awareness to ensure security policies for applications, environments, and systems are followed at all times. Continuous learning is encouraged (and needed!) through our extensive training program, classroom/online courses from well-known providers, and certifications.