Sys Admin/Infosec

Location: Navi Mumbai
Specialization: Banking, Insurance & Financial Services,
Industry NA
Reference: 27056

JD – Asst. Manager - Information Security (Risk Assessment)

Key Responsibilities: 

         Experience in VAPT - Applications, Network and Cloud Technologies.

         Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments (injection, privilege escalation, fuzzing, buffer overflows, etc.)

         Ability to analyze vulnerabilities, appropriately characterize threats, and provide sound remediation advice

         Familiarity with commercial testing applications (e.g. Burp, dbProtect, Acunetix, SonarQube)

         Advanced knowledge of network protocols and network monitoring such as "sniffing" (e.g. Wireshark, tcpdump)

         Strong knowledge of tools used for thick client, web application, and mobile security testing.

         Hands-on knowledge of OWASP Top 10, SANS Top 20. Strong understanding of PCI DSS.

         Coding / scripting experience (Python, Ruby, C, Assembly, Bash, PowerShell, etc.)

         Work with the team to plan, prepare, execute, and summarize the security testing

         Work with the team to deliver and implement consistent test disciplines and processes using associated best practices across the program.

         Experience with debuggers, disassemblers, binary patch diffing (e.g. BinDiff).

         Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concerns.

         Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.


Must have:

         A minimum of 2-5 years’ experience in security assessment and testing of applications, network and cloud solutions.

         Experience with the administration of Microsoft-based and Linux/Unix-based systems

         Knowledge of network protocols and packet analysis.

         Experience with various DBMS.

         Strong written and verbal communication skills

         Experience with incident handling process and procedures

         Understanding and experience with risk and compliance (GRC) concepts / tools.

         Should have Engineering/MCA/other security-related certifications as base qualifications


Certifications such as:
CISSP, CISA, CISM, CEH, ISO27001:2013 LA