Skip Navigation

Application Security Consultant

Primary Location Bangalore, Karnataka Additional Locations Date posted 07/31/2018
Apply Now Job ID: JR0012254

Just finished up submitting vulnerability you found to a bug bounty program? Is the single quote key worn down on your keyboard? Then you should know Foundstone is hiring!

Our web application hackers speak SQL and make the DOM beg for mercy. As part of Foundstone’s elite team of penetration testers you’ll find yourself owning some of the most complex and mission critical web applications. Spanning across every vertical market, our client’s applications will test your skills and creativity on daily basis. You like a challenge? You got one!

McAfee Foundstone Application Security Consultants also have significant experience reviewing a wide variety of software including portals, e-commerce sites, financial services and health care applications, and desktop and developer software.  Candidates will work with Foundstone’s Software & Application Security Services (SASS) Team. This full-time position is a great opportunity for someone with strong software development and penetration testing skills.

Your tasks and required skills (not limited to):

  • Conduct web application security assessments and penetration tests.  These are very systematic assessments which are done using the Foundstone proprietary methodology. The assessments involve manual testing and analysis as well as the use of Foundstone proprietary & commercial automated web application vulnerability scanning/testing tools.
  • Assess applications for issues surrounding Authentication, Authorization, User management, Session management, Data validation, including all common attacks such as SQL injection, Cross-site scripting, Command injection, Error handling, Auditing and logging.
  • Assess the security aspects of Web Services design and implementation, including confidentiality, integrity, trust relationships, and authentication using security standards like XML signatures, XML encryption, SAML, and WS-Security.
  • Knowledge of tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Openssl, Mallory, Wireshark etc.
  • Mobile application development, assessment (iOS, Android, Windows) experience
  • Thick client assessment experience
  • Vulnerability and network penetration assessments
  • Write formal security assessment reports for each application, using Foundstone reporting format.
  • Participate in conference calls with clients to perform initial data gathering and a follow-up advisory for technical issues.
  • Publish whitepapers, tools and deliver presentations. Integrity to generate professional original content without plagiarizing.
  • Bachelor’s or Master’s degree in Computer Science or equivalent

Any of the following skills are a plus

  • Web application development experience in any of the major languages such as C#, Java, PHP, ASP.NET etc. is a plus
  • Knowledge of scripting languages such as Python, JavaScript, Ruby, SQL etc. is desired
  • Experience reviewing code in C, C++, Java, PHP, C#, ASP.NET, Go etc.
  • Familiarity with automated source code analysis tools such as Fortify, Appscan etc.
  • Binary reversing and analysis experience
  • Knowledge in Cloud Security
  • Certifications such as CISSP, OCSP, MCSA:Azure, AWS, GSEC or CEH is a plus

Location: Bangalore preferred, Flexible

Shift:

Shift 1 (India)

Primary Location:

EMB2 - India - Bangalore Embassy Golflinks

Posting Statement:

McAfee prohibits discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.

Apply Now

Sign Up for McAfee Job Alerts

Form

Get the latest job openings delivered to your inbox.

Interested InSelect a job category from the list of options. Select a location from the list of options. Finally, click “Add” to create your job alert.

  • Sales, Bengaluru, Karnataka, IndiaRemove
  • Security Consultant, Bengaluru, Karnataka, IndiaRemove

What's Happening
at
McAfee?

Check out #LifeAtMcAfee

Explore our Blog