Role: Security Auditor
This role performs security assessments of various IT assets.
Relationships
Performs:
Responsible for:
Additionally Performs:
Modifies:
Main Description
A Security Auditor is usually a member of a Security team who is responsible for conducting security assessments of various IT applications. This role is held by an experienced security professional who has a good understanding of the various IT security threats and is able to assess if a particular IT asset (in this context, a Web application) is vulnerable to those threats.
Properties
Multiple Occurrences
Optional
Planned
Staffing
Skills

The person in this role should have these skills:

  • Deep understanding of security testing approaches and techniques
  • Very good understanding of Web application security 
  • Debugging and diagnostic skills in the security domain
  • Knowledge of the types of systems and applications under test
  • Knowledge of the networking architecture
  • Training in the use of automated security testing tools
  • Experience using automated security testing tools