Tech Lead

Job Responsibilities

• Carry out and own closures for Vulnerability Assessment and Penetration Testing for Infra, Web Applications and Web Services/API.
• Perform both Manual and Automated Security Testing for identifying vulnerabilities.
• Perform periodic Configuration audits on Network Devices, Servers and other critical functions.
• Perform code review across a variety of programming languages and provide recommendations for preventive and corrective actions.
• Performing assessments of SDLC processes
• Developing testing scripts and procedures
• Other security-related projects that may be assigned according to skills
• Continually evaluates Application architecture in order to enhance process design
• Evaluate suspected vulnerabilities, work with subject matter experts, and recommend corrective actions.
• Evaluating security products and recommending the solutions
• Advisor to various projects regarding Secure Coding Standards and Security Information Management
• Hands-on experience in performing Network, Web-based, cloud applications security assessments including threat modelling, vulnerability assessments, and penetration testing.
• Knowledge of current information security trends.
• Knowledge of security bug classification frameworks such as CVSS and DREAD, and experience applying security bug classification methods.
• Experience on Web Service vulnerability assessment
• Knowledge on Mobile Applications (IOS/Android)
• Understanding and familiarity with common code review methods and standards
• Develop POCs to demonstrate security issues.
• Experience with web application vulnerability scanning tools (e.g., Acunetix, NTO Spider, Burpsuite Pro, Web Inspect, Core Impact)
• Experience with Network assessment tools and Exploitations (e.g., Kali Framework, Qualys Guard, Nessus, Nexpose, Nmap, Metasploit, Saint)
• Experience in performing static code review (e.g., Checkmarx, HP Fortify, IBM Appscan Source)
• Experience in atleast 2 scripting languages such as Python, Perl, PHP, Ruby etc.
• Capable to assess an application using OWASP, OSSTMM, CESG, CREST, NIST, ISSAF, PTES methodologies
• Knowledge of standard SDLC practices and flexible to work on Agile Modules
• Minimum 5-7 years’ work experience in application and network security
• Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB)) and DAST code review will be an add-on
• Knowledge of operating systems preferably Windows / Linux / UNIX (IBM IAX, Sun Solaris, HP UX etc.) and network equipment’s.
• Experience in providing technical oversight to other project team members to maintain engagement quality.
• Experience in mentoring, coaching staff and ability to lead teams under demanding circumstances to accomplish project team objectives.
• Good understanding of PCI, SOC and GDPR security guidelines and rules