Information Security Engineer Analyst Jobs in Noida - UnitedHealth Group

Combine two of the fastest-growing fields on the planet with a culture of performance, collaboration and opportunity and this is what you get. Leading edge technology in an industry that's improving the lives of millions. Here, innovation isn't about another gadget, it's about making health care data available wherever and whenever people need it, safely and reliably. There's no room for error. Join us and start doing your life's best work.

AppSec team is part of the Attack Surface Management program which works to minimize threat landscape by securing applications and infrastructure. AppSec team is responsible to assess security posture of enterprise applications using static and dynamic security testing techniques.

During the scope of this engagement the candidate will work to perform application source code review for enterprise applications; identify vulnerabilities and threats, document findings and suggest remediation for identified vulnerabilities.

Primary Responsibilities

• Perform application security review using manual and automated testing approach
• Identify vulnerabilities in the application code, at server end, at certificate level, document findings, eliminate false positive issues and help development teams with remediation efforts
• Work as a consultant for the development teams to incorporate security into each phase of SDLC to transform it into Secure SDLC
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications

• Experience with web-based application development
• In-depth knowledge and understanding of computer applications and demonstrated proficiency with development frameworks and languages (Java, C/C++, .NET, C#, PHP, etc.)
• Experience with relational databases from an application development perspective
• Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
• Excellent understanding of SDLC and where automated tools fit into the process
• Technical depth and expertise in application security technologies with a deep knowledge on application security threats
• Hands-on experience in using open source tools like Burp Suite, Metasploit, etc.
• Hands-on experience in using paid tools like HP WebInspect, AppScan, Fortify, and Qualys, etc.
• Understanding and familiarity with common code review methods and standards
• Knowledge of application security vulnerability lists such as the OWASP Top 10, SANS Top 25, CWE Top 25
• Ability to work with development teams to carry out web application security reviews
• Ability to improve secure coding practices, application security requirements, automation, training, and metrics
• Ability to do Documentation and Reporting of vulnerabilities and suggesting mitigations
• Ability to create and maintain various checklists and process documents for Web Applications and Mobile applications
• Ability to research and understand various new and existing vulnerabilities and developing effective mechanisms to detect and prevent them. Maintain active understanding of industry practices for secure software development
• Ability to work independently and in a team, taking ownership of performing end to end security threat assessment and providing recommendations for rectification, for web applications
• Good written and verbal communication skills as this has onshore round

Preferred Qualifications

• Any of the certifications CEH, ECSA, OSCP, Developer Certifications (SCWCD, SCJP, SCJD, SCJA, MCSD etc.)
• Experience in dynamic application vulnerability assessment using tools like HP WebInspect, IBM AppScan, Acunetix, etc.
• Experience in mobile application source code review

Careers with Optum. Here's the idea. We built an entire organization around one giant objective; make the health system work better for everyone. So when it comes to how we use the world's large accumulation of health-related information, or guide health and lifestyle choices or manage pharmacy benefits for millions, our first goal is to leap beyond the status quo and uncover new ways to serve. Optum, part of the UnitedHealth Group family of businesses, brings together some of the greatest minds and most advanced ideas on where health care has to go in order to reach its fullest potential. For you, that means working on high performance teams against sophisticated challenges that matter. Optum, incredible ideas in one incredible company and a singular opportunity to do your life's best work.(sm)