Job Description
<p><b>About the Company :</b></p>
<p>Infocus Technologies Pvt. Ltd., headquartered in Kolkata, is a leading consulting firm specializing in SAP, ERP, and cloud consulting services.</p>
<p>As an ISO 9001:2015 DNV-certified, CMMI Level 3 accredited organization and a Gold SAP Partner in Eastern India, Infocus delivers scalable digital transformation through SAP implementation, version upgrades, enterprise application integration (EAI), and AWS cloud migration</p>
<p><b>Overview :</b></p>
<p>We are looking for a skilled Application Security Analyst to join our growing cybersecurity team.</p>
<p>The ideal candidate will have deep technical expertise in application security, secure SDLC practices, vulnerability assessment, risk mitigation, and governance frameworks.</p>
<p>You will play a key role in ensuring security is embedded across the software development lifecycle and protecting applications from evolving cyber threats.</p>
<p><b>Key Responsibilities Security & Secure SDLC :</b></p>
<p>- Integrate application security best practices into the Software Development Life Cycle (SDLC).</p>
<p>- Conduct security reviews and threat modeling for new and existing applications.</p>
<p>- Collaborate with development teams to ensure secure coding practices are adopted.</p>
<p>- Review architectural and design documents from a security standpoint and suggest</p>
<p><b>Assessment & Management :</b></p>
<p>- Perform dynamic (DAST), static (SAST), and software composition analysis (SCA) using tools such as Fortify, Veracode, Checkmarx, or similar platforms.</p>
<p>- Identify, analyze, and triage vulnerabilities; work closely with developers and stakeholders to prioritize and remediate findings.</p>
<p>- Maintain and enhance vulnerability management processes, including patch management tracking and</p>
<p><b>Governance & Compliance :</b></p>
<p>- Ensure application compliance with internal security policies, industry standards (OWASP, NIST, ISO 27001), and regulatory frameworks (e.g., GDPR, PCI-DSS).</p>
<p>- Participate in risk assessments, internal and external audits, and regulatory inspections.</p>
<p>- Generate technical documentation, risk assessments, and compliance reports as</p>
<p><b>Tooling & Automation :</b></p>
<p>- Support the integration of security tools into CI/CD pipelines (DevSecOps).</p>
<p>- Recommend and implement automation solutions to streamline security</p>
<p><b>Response & Monitoring :</b></p>
<p>- Support application-level incident investigations and assist in root cause analysis.</p>
<p>- Work with the SOC team to monitor application logs and security events for anomalous</p>
<p><b>& Training :</b></p>
<p>- Act as a security advisor to development and product teams.</p>
<p>- Conduct training and awareness sessions for developers and product owners on secure coding, threat modeling, and vulnerability</p>
<p><b>Skills & Qualifications :</b></p>
<p>- Bachelor's degree in Computer Science, Information Security, or related field.</p>
<p>- 4 to 5 years of experience in application security, vulnerability assessment, and secure software design.</p>
<p>- Strong understanding of OWASP Top 10, CWE/SANS Top 25, threat modeling, and attack vectors.</p>
<p>- Hands-on experience with security testing tools (e.g., Burp Suite, ZAP, Fortify, SonarQube, Veracode).</p>
<p>- Familiarity with DevSecOps tools and CI/CD pipeline integrations (e.g., Jenkins, GitLab, Azure DevOps).</p>
<p>- Working knowledge of cloud application security (AWS, Azure) is a plus.</p>
<p>- Proficient in scripting (Python, PowerShell, Bash) for automation of security tasks.</p>
<p>- Experience in audit support, compliance reporting, and governance documentation</p>
(ref:hirist.tech)