Total 9-12 Years of IT experience
5 Years of software security experience
3 years of software development experience
Expertise in identifying and recommending fixes for OWASP, SANS 25 & other real-time threats.
Experience with J2EE or MSFT platforms required.
Must have done enterprise level security assessment or consulting
Expertise in manual assessments, identifying root causes & recommending fixes.
Expertise on tools like Paros or Burp Proxy or WebScarab, Rational AppScan, HP WebInspect, Fortify, Veracode, Scuba, NGSSquirrel required
Experience with secure coding practices, threat modeling and vulnerability assessment
Experience with server security, including web servers, app servers, PKI
Exposure to database security is an added advantage.
Appropriate security certifications, such as CISSP/CISM/CSSLP