Web Application Security Tester (SAST/DAST)

This job is with WTW, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community.

Please do not contact the recruiter directly.

Description

• Create, maintain, and execute appropriate security testing processes to enable timely detection, risk-based prioritization, and co-ordinate the remediation of security testing findings

• Manage planning & execution of corporate penetration testing, DAST and SAST onboarding.

• Collaborate with development and QA teams to integrate security tools into CI/CD pipelines.

• Develop and maintain security testing documentation, including test plans and reports.

• Provide clear, concise and easily consumable communication with key technical and non-technical stakeholders so that findings are understood and appropriately addressed.

• Measure and report the maturity, effectiveness and efficiency of Security Testing services

• Understand the elements involved within the exception requests and their importance - data sensitivity assessment, control implementation and maintenance plan, assessing the legal, compliance, reputation, and operational risks associated with the exception.

• Ensure accurate and clear communication with all stakeholders.

• Provide appropriate MI to key stakeholders.

Direct Span
Indirect Span

NA
NA

Qualified to degree level, preferably in a business, IT or security related subject

3-5 yrs.

Skill
Proficiency

Scoping and managing penetration testing activities
Advance

Building and leading effective security teams
Advance

Knowledge of Sox, SOC & other IT and Privacy related standards
Intermediate

Basics of IT Auditing and IT Risk concepts
Intermediate

Frameworks & methodologies such as CVSS, CIS Benchmarking, OWASP
Advance

Knowledge of Risk management tools, methodologies and practices
Advance

Application and infrastructure security principles
Advance

Knowledge of SIEM, PAM & Discovery Tools.
Basic

Qualifications
-