Hands-on experience in infrastructure vulnerability triaging. For triaging, we require the candidate to have:
- Hands-on experience in reproducing a vulnerability in the affected environment.
- Experience in using the CVSS framework to score the severity of a vulnerability.
- Hands-on experience in testing the vulnerability fix in the affected environment.
- Hands-on experience in using tools like Burp proxy, Curl, SSLscan, etc.
Nice to have some hands-on experience with:
- JQL queries for Jira automations and Python scripts, as this role will require automation to make triaging more efficient.
- Since we deal with a lot of SAST and SCA vulnerabilities as well, it is nice to have:
  - Familiarity with GitHub
  - Good understanding of application security vulnerabilities.
  - Understanding of supply chain security and defensive controls