Application Security Analyst

Who we are

NTT DATA is one of the world's largest global security service providers, partnering with some of the most recognized security technology brands. We're looking for passionate, curious, and motivated individuals to join our team.

What you’ll be doing

• Assist in web app security testing under supervision; perform automated scans and basic OWASP Top 10 checks.
• Execute documented test cases, capture evidence, and support retesting for remediation validation.
• Analyze scan results, filter false positives, and document findings in standard templates.
• Research vulnerabilities and remediation guidance; maintain tracking databases and status reports.
• Assist with prioritization and creation of executive summaries.
• Perform secure code reviews using automated SAST tools; identify common issues (SQLi, XSS, hardcoded secrets).
• Document code-level vulnerabilities with references and fix recommendations; learn secure coding practices.
• Operate and maintain SAST, DAST, and SCA tools; configure scans and integrate into CI/CD pipelines.
• Generate reports, maintain tool configurations, and troubleshoot basic issues.
• Create detailed testing notes, maintain checklists, and document tool configurations.
• Contribute to knowledge base articles and prepare routine status reports; organize assessment evidence.
• Assist developers with understanding findings and remediation steps; support secure coding awareness sessions.
• Contribute to guidelines, quick references, and promote security best practices in development teams

What you'll bring along

• Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or related field
• Minimum 5–10 years of experience in cybersecurity or IT security roles.
• Basic understanding of OWASP Top 10 vulnerabilities and web application security
• Familiarity with common security testing concepts and methodologies
• Knowledge of HTTP protocol, web technologies (HTML, CSS, JavaScript basics)
• Understanding of authentication, authorization, and session management concepts
• Awareness of secure coding principles and common security weaknesses
• Web technologies: HTTP/HTTPS, REST APIs, JSON, XML basics
• Programming basics: Understanding of at least one language (Python, Java, JavaScript, C#)
• Databases: Basic SQL knowledge and understanding of database security
• Operating systems: Windows and Linux command line basics
• Networking: TCP/IP fundamentals, DNS, proxies
• Experience with or willingness to learn Burp Suite Community/Professional
• Familiarity with OWASP ZAP or similar web proxy tools
• Knowledge of vulnerability scanners (Nessus, Acunetix, Qualys WAS)
• Basic experience with SAST tools (SonarQube, Checkmarx, or similar)
• Understanding of dependency checking tools (OWASP Dependency-Check, Snyk)
• Strong attention to detail in testing and documentation
• Good written communication skills for vulnerability reporting
• Ability to follow documented testing procedures and methodologies
• Curiosity and eagerness to learn about security vulnerabilities
• Team collaboration and willingness to seek guidance appropriately
• Basic time management and task prioritization abilities
• CEH (Certified Ethical Hacker) or eJPT (eLearnSecurity Junior Penetration Tester) - Preferred
• Security+ or equivalent foundation security certification - Beneficial
• GFACT or GSEC - Beneficial
• Working toward: OSCP, GWAPT, or Burp Suite Certified Practitioner
• Eligible: UK SC security clearance
• Excellent command of both spoken and written English.