Job Description

Photon Interactive Pvt Ltd is looking for Security Lead / Security Engineer for Chennai location for various business verticals.



Overview



Photon is the world's largest and fastest growing provider of omnichannel and digital experiences. Photon works with over 37% of the Fortune 100 as their digital innovation partner of choice and has the largest digital consumer footprint with over 250mn daily consumer touchpoints. Photon has the largest pool of omnichannel engineers with over 3,800 engineers across offices in the US, Canada, Europe, Mauritius, India, Shanghai, and Indonesia.



Job description



We are looking for Security Lead who enjoys security work and possesses both deep and wide expertise in the penetration testing and security space, to identify and exploit vulnerabilities for the developed code. The focus areas for this role is performing vulnerability assessment across various verticals, guiding team members (hands-on), validation of findings, reporting, collaboration, and providing cross training within the team for web and / or mobile applications.



Role Responsibilities



Provide design and architecture security review document



Identify vulnerability assessment testing scope, prepare test plan with timelines, create test cases for business logic testing, and getting signoff for deliverables.



Validate and prepare vulnerability assessment testing results, and explain reports with the development team



Verify the identified issues are fixed with supported remediation guidelines



Provide hands on technical guidance and feedback to the team members.



Requirements (DevSecOps)



• Good understanding of security operations, network security, threat intelligence, and incident response.
• SIEM configuration. Incident and alarm response procedures, engagement with


operations teams to manage incidents.



• Experience/ Understanding of Cloud-based services (AWS), technologies, and providers (eg SaaS,IaaS, PaaS, etc.)
• Experience with writing queries, parsing, and correlating data.
• Technical understanding of PaloAlto, firewall, IDS, and Wildfire features
• The ability to perform analysis of log files from multiple devices and environments, and identify


indicators of security threats. Strong understanding of parsing and analyzing web, system and security logs



• Strong technical knowledge across a range of server and gateway platforms, including Linux/ Unix/Windows/ Mac
• Demonstrable knowledge of scripting/ programming tools such as PowerShell, Python
• Understanding of VPN infrastructure, 2FA.
• Deep understanding of network protocols and security TCP/ IP, UDP, DHCP, FTP, SFTP, SNMP, SMTP,


SSH, SSL, VPN, RDP, HTTP, and HTTPS.



• Familiar with YARA, STIX, TAXII, OpenIOC
• Excellent verbal and written communication skills; ability to articulate technical knowledge to nontechnical audience; production of policy/ standards/ project documentation
• Knowledge of data leakage prevention tools DLP/CASB/Websecurity is an add on
• Having a certification background in any one of GCIH, GCIA, GPEN, OSCP or other relevant


certifications within Cyber Security is highly advantageous.



• VM scanning Qualys is a good to have.
• Experience in handling phishing attacks using Proofpoint, CLEAR, TRAP, and TAP.
• Experience is EDR solutions, simulating setups like kali-linux.
• Experience in Web security CDN Akamai/Cloudfront/WAF


Requirements (Web)



Working knowledge of SQL and high level languages.



Exposure to either Java or C is a plus.



Experience with security tools such as Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as other various commercial and self-developed testing tools



Experience with various application attack vectors, security test processes and strong knowledge of common vulnerabilities (i.e. OWASP Top 10)



Working knowledge of applied cryptography and how to effectively develop appropriate cryptographic solutions.



Knowledge of compliances including PCI-DSS and HIPAA is a plus.



Previous wide-ranging experience in application security and policy development.



Experience in proactive issue detection, tool creation, development of best practices and procedures and policy development.



Experience in protecting sensitive data and systems in high scale systems that are growing rapidly



Good verbal and written communication skills



Good technical communication skills, both written and verbal; good analytical and problem solving skills



Must be able to effectively work with and interact with teams of various backgrounds and maintain positive relationships; be able to work in a collaborative team environment;



Demonstrable experience of writing information security reports, documentation and standards accurately and to designated timescales



Certifications are preferred.



Requirements (Mobile)



Experienced iOS/Android developer



Perform security assessments on iOS/Android application



Offer security guidance to product teams as they build new mobile products and features



Evaluate the security of new product designs to determine vulnerability to physical tampering, side-channel attacks, glitching, fuzzing, and other attacks



Prototype and test countermeasures that defend against these attacks



Good understanding of cryptography, protocol design and analysis, firmware and embedded OS design principles



Defend application against compromise via a range of techniques including advanced obfuscation, pre-damage, string encryption, symbol stripping, renaming, debug Info, call hiding.



Detecting attacks through jailbreaking, resource encryption, checksumming, debugger detection, swizzle detection, hook detection and other means