Job Description

JOB DESCRIPTION


Role:

InfoSec Tech Lead



Department:

Global InfoSec



Stream:

Information Security



Reports to:

Manager-Information Security



Reportees:

N/A



Summary of essential job functions
The overall responsibility of the team is to provide assurance to the management on the Information Security, Compliance and Risk Management of the organization globally. The candidate would be expected to work with various teams to identify and implement the Product application and Infrastructure security requirements globally.


Minimum requirements (Education Qualification & Work Experience)
Qualification Required: Bachelor/Master Degree in either Computer Engineering or Information science
Certification preferred: OSCP, OSCE, ECSA|LPT, CPT, CEH
Minimum experience: 5-7 years in Vulnerability Management- Application, Infrastructure Cloud, Mobile Security stream, secure code review and IoT
Work Location: Bangalore, India (May involve Travel)



Competency Requirements :
Hands-on experience in performing Network, Web-based, cloud applications security assessments including threat modelling, vulnerability assessments, and penetration testing.
Knowledge of current information security trends.
Knowledge of security bug classification frameworks such as CVSS and DREAD, and experience applying security bug classification methods.
Experience on Web Service vulnerability assessment
Knowledge on Mobile Applications (IOS/Android)
Understanding and familiarity with common code review methods and standards
Develop POCs to demonstrate security issues.
Experience with web application vulnerability scanning tools (e.g., Acunetix, NTO Spider, Burpsuite Pro, Web Inspect, Core Impact)
Experience with Network assessment tools and Exploitations (e.g., Kali Framework, Qualys Guard, Nessus, Nexpose, Nmap, Metasploit, Saint)
Experience in performing static code review (e.g., Checkmarx, HP Fortify, IBM Appscan Source)
Experience in atleast 2 scripting languages such as Python, Perl, PHP, Ruby etc.
Capable to assess an application using OWASP, OSSTMM, CESG, CREST, NIST, ISSAF, PTES methodologies
Knowledge of standard SDLC practices and flexible to work on Agile Modules
Minimum 5-7 years' work experience in application and network security
Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB)) and DAST code review will be an add-on
Knowledge of operating systems preferably Windows / Linux / UNIX (IBM IAX, Sun Solaris, HP UX etc.) and network equipment's.
Experience in providing technical oversight to other project team members to maintain engagement quality.
Experience in mentoring, coaching staff and ability to lead teams under demanding circumstances to accomplish project team objectives.
Good understanding of PCI, SOC and GDPR security guidelines and rules



Other Requirements:
Strong ethics and understanding of ethics in business and information security
Proficiency in English (both written and oral communication skills)
Ability to complete tasks and deliver professionally written reports for clients
Ability to present findings to technical staff and executives
Ability to interact with 247 customers to review their requirements



Job Responsibilities
Carry out and own closures for Vulnerability Assessment and Penetration Testing for Infra, Web Applications and Web Services/API.
Perform both Manual and Automated Security Testing for identifying vulnerabilities.
Perform periodic Configuration audits on Network Devices, Servers and other critical functions.
Perform code review across a variety of programming languages and provide recommendations for preventive and corrective actions.
Performing assessments of SDLC processes
Developing testing scripts and procedures
Other security-related projects that may be assigned according to skills
Continually evaluates Application architecture in order to enhance process design
Evaluate suspected vulnerabilities, work with subject matter experts, and recommend corrective actions.
Evaluating security products and recommending the solutions
Advisor to various projects regarding Secure Coding Standards and Security Information Management



Disclaimer:
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.