Security Testing

Experience : 4 - 8 Years

Location : Hyderabad, Bangalore & Coimbatore

Budget : 24 LPA

Notice Period : Immediate to 15 Days

Skillsets: Knowledge on Cyber security applications and API Domain. Experience working with Security Automation platforms.

In Scope for Application Security:

Black box assessments:Focuses on identifying vulnerabilities in a live (staging) instance of an application. Black box assessments are performed when source code is not available. Black box is not a comprehensive assessment that will identify all vulnerabilities; the assessment is conducted during a finite period of time and as many vulnerabilities as possible are identified and reported.

Black box critical

Black box sensitive

Automated Scanning: Supplier's auditors are expected to perform mostly manual assessments; however, they have the necessary skills to perform certain automated scanning as part of their regular activities. All automated scanning will be done using Supplier's code Scanning (an in-house tool) and a set of mainly open source tools which have been evaluated and adopted by Supplier as an alternative to commercial tools.

Assessment reporting:Based on NBCUniversal's application security strategic needs, Supplier Application Security Auditors will be able to provide statistical information on the results gathered from performed assessments such as:

Number of assessments performed

Total of reported vulnerabilities

Total of High/Critical vulnerabilities

Percentage of high/critical vulnerabilities

Vulnerabilities per request

Vulnerabilities trend

Additional Activities:Assist on other application security initiatives lead by NBCUniversal that could be classified, but not limited to:

Application security awareness

Application security documentation and training

Application security process definition

Application security metrics generation

Application security adHoc projects

Application security automated scanning using Supplier code scanner