A Security Auditor is usually a member of a Security team who is responsible
for conducting security assessments of various IT applications. This role is held
by an experienced security professional who has a good understanding of the various
IT security threats and is able to assess if a particular IT asset (in this context,
a Web application) is vulnerable to those threats.
Staffing
Skills
The person in this role should have these skills:
Deep understanding of security testing approaches and techniques
Very good understanding of Web application security
Debugging and diagnostic skills in the security domain
Knowledge of the types of systems and applications under test
Knowledge of the networking architecture
Training in the use of automated security testing tools
Experience using automated security testing tools