IN Senior Associate Source Code Review MS Engineering Advisory Bangalore

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Microsoft

Management Level

Senior Associate

Job Description & Summary

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data.

As a cybersecurity generalist at PwC, you will focus on providing comprehensive security solutions and experience across various domains, maintaining the protection of client systems and data. You will apply a broad understanding of cybersecurity principles and practices to address diverse security challenges effectively.

*Why PWC

At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us.

At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. "

Job Description & Summary: • We are looking for experienced members with: *strong analytical and problem-solving abilities *willingness and to learn new technologies and adapt to changing project requirements *ability to prioritize tasks and manage time effectively to meet deadlines *good verbal and written communication skills *ability to work collaboratively in a team setting

Responsibilities:

1. Review application source code based on the industry standard security frameworks and organization's internal security policy. 2. Running the source code scan and analyzing the results derived from the SAST platform. 3. Coordinate with application development teams to ensure identified gaps are fixed in proper time. 4. Work with the application development team to eliminate false positives, to clarify compensating security controls. 5. Closely work with issue management team to ensure proper remediation plans are in places with well documented records. 6. Collaborate with senior developers and architects to ensure security best practices and secured design patterns are followed. 7. Work closely with other team members, including project leads, regional leads and territory security leadership team. 8. Provide regular updates on progress and issues to project managers and stakeholders

Mandatory skill sets:

1. Strong knowledge of secure coding practices and common security vulnerabilities (e.g., OWASP Top 10). 2. Strong knowledge of Industry standard SAST tools (e.g. Veracode, Fortify on Demand). 3. Strong knowledge of Industry standard SCA tools (e.g. Blackduck). 4. Strong knowledge in manual and tool-based code review process, focusing on OWASP methodology. 5. Strong Knowledge of security vulnerability identification and remediation methodologies. 6. Familiarity with industry standard security frameworks and policies.

7. Strong knowledge of DevSecOps practices and integration of security within CI/CD pipelines. 

Preferred skill sets:

· Desirable Skills: 1. CEH, CISM, CCSK 

Years of experience required:

5-7 yrs

Education qualification:

· BTech/BE/MTech from reputed institution/university as per the hiring norms

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Master of Engineering, Bachelor of Technology

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Static Application Security Testing (SAST)

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Analytical Thinking, Azure Data Factory, Communication, Creativity, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Learning Agility, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture {+ 8 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Available for Work Visa Sponsorship?

Government Clearance Required?

Job Posting End Date