Job Description:
Perform SAST/SCA/DAST scans using industry vulnerability scanner
SAST/SCA – Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWE’s as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file.
DAST – Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution.
During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activities
Tester must ensure results from scanner are present in VM reporting platforms and visible to approved app users
Validation - Supplier will perform manual validation and false-positive analysis on the automated scan results.
Remediation Support: The remediation support will analyze the top-rated vulnerabilities along with provide support to application teams on remediation strategies from identified risks.
Scan Retest: Supplier will perform revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams.
Complex application testing and remediation/mitigation recommendation author
Technical leadership of group of less experienced testers.
Adversary based approach to test plan development
Attempt to access unauthorized data
Attempt to make unauthorized changes
Bypass business logic, authentication, user privileges, etc..
Hijack accounts (Does not include social engineering methods)
Attempt to exploit OWASP Top 10 vulnerabilities
EcoSystem Testing
All forms of application security testing, attempt to exploit
All forms of device security testing, attempt to exploit
All forms of database security testing, attempt to exploit
Full Stack review, weakness enumer
Weekly Hours:
40
Time Type:
Regular
Location:
Bangalore, Karnataka, India
It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities.
Job ID R-18901-1 Date posted 04/15/2024