JD – Asst. Manager - Information Security (Risk Assessment)
Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments (injection, privilege escalation, fuzzing, buffer overflows, etc.)
Ability to analyze vulnerabilities, appropriately characterize threats, and provide sound remediation advice
Familiarity with commercial testing applications (e.g. Burp, dbProtect, Acunetix, SonarQube)
Advanced knowledge of network protocols and network monitoring like "sniffing" (e.g. Wireshark, tcpdump)
Strong knowledge of tools used for thick client, web application, and mobile security testing.
Hands-on knowledge of OWASP Top 10, SANS Top 20. Strong understanding of PCI DSS.
Coding / scripting experience (Python, Ruby, C, Assembly, Bash, PowerShell, etc.)
Work with the team to plan, prepare, execute, and summarize the security testing
Work with the team in delivering and implementing consistent test disciplines and processes using associated best practices across the program.
Experience with debuggers, disassemblers, binary patch diffing (e.g. BinDiff).
Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concerns.
Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
Must have:
A minimum of 2-5 years’ experience in security assessment and testing of applications, network and cloud solutions.
Experience with the administration of Microsoft based systems, Linux/Unix based systems
Knowledge of network protocols and packet analysis.
Experience with various DBMS.
Strong written and verbal communication skills
Experience with incident handling process and procedures
Understanding and experience with risk and compliance (GRC) concepts / tools.
Should have Engineering/MCA/Other Security related certifications as base qualifications
Certifications such as:
CISSP, CISA, CISM, CEH, ISO27001:2013 LA