Description

Job Responsibilities

  • Carry out and own closures for Vulnerability Assessment and Penetration Testing for Infra, Web Applications and Web Services/API.
  • Perform both Manual and Automated Security Testing for identifying vulnerabilities.
  • Perform periodic Configuration audits on Network Devices, Servers and other critical functions.
  • Perform code review across a variety of programming languages and provide recommendations for preventive and corrective actions.
  • Perform assessments of SDLC processes
  • Develop testing scripts and procedures
  • Other security-related projects that may be assigned according to skills
  • Continually evaluate application architecture in order to enhance process design
  • Evaluate suspected vulnerabilities, work with subject matter experts, and recommend corrective actions.
  • Evaluate security products and recommend solutions
  • Act as advisor to various projects regarding Secure Coding Standards and Security Information Management
  • Hands-on experience in performing security assessments of network, web-based, and cloud applications, including threat modelling, vulnerability assessments, and penetration testing.
  • Knowledge of current information security trends.
  • Knowledge of security bug classification frameworks such as CVSS and DREAD, and experience applying security bug classification methods.
  • Experience with Web Service vulnerability assessment
  • Knowledge of Mobile Applications (iOS/Android)
  • Understanding and familiarity with common code review methods and standards
  • Develop POCs to demonstrate security issues.
  • Experience with web application vulnerability scanning tools (e.g., Acunetix, NTO Spider, Burp Suite Pro, WebInspect, Core Impact)
  • Experience with network assessment and exploitation tools (e.g., Kali Framework, QualysGuard, Nessus, Nexpose, Nmap, Metasploit, Saint)
  • Experience in performing static code review (e.g., Checkmarx, HP Fortify, IBM AppScan Source)
  • Experience in at least 2 scripting languages such as Python, Perl, PHP, Ruby etc.
  • Able to assess an application using OWASP, OSSTMM, CESG, CREST, NIST, ISSAF, PTES methodologies
  • Knowledge of standard SDLC practices and flexibility to work on Agile Modules
  • Minimum 5-7 years’ work experience in application and network security
  • Experience with high-level programming languages (e.g., Java, C, C++, .NET (C#, VB)) and DAST code review will be an add-on
  • Knowledge of operating systems, preferably Windows / Linux / UNIX (IBM AIX, Sun Solaris, HP-UX etc.), and network equipment.
  • Experience in providing technical oversight to other project team members to maintain engagement quality.
  • Experience in mentoring and coaching staff, and ability to lead teams under demanding circumstances to accomplish project team objectives.
  • Good understanding of PCI, SOC and GDPR security guidelines and rules

Education

Bachelor/Master Degree