Information Security Consultant

Singapore, Singapore

Job Description

Job Responsibilities

1. Ensure compliance controls are in place to determine security effectiveness and compliance toward meeting regulatory and/or standards compliance.
2. Regularly report progress on CVSS scores and identified risks, and coordinate efforts with the Security Lead or Project Manager as required.
3. Ensure compliance controls are in place to determine security effectiveness and compliance toward meeting regulatory and/or standards compliance.
4. Manage a team that will execute/maintain a master test plan and/or the project plan, create or assist in a comprehensive security test plan, and generate test cases and/or scenarios based on the requirements and/or other project documentation.
5. Run the server hardening and application scans to ensure all source code, software and server configurations meet Secure Coding Standards.
6. Understand business portfolios and software requirements to effectively determine security testing for various requirements like Web application, Privilege management, Data validation, Access control, Cryptography.
7. Create the customized audit files for Nessus Security Center scanning for specific standards like Docker, PostgreSQL, MSSQL, Oracle DB, MySQL, DB2 and other OS configurations.
8. Maintain a monthly reporting and tracking system of all scanned applications and their CVSS scores.
9. Responsible for security vulnerability and remediation reports at an executive and technical level for stakeholders. In some cases, prepare customer-oriented security vulnerability summary reports.
10. Be able to execute scans and deliver a readout of OWASP vulnerabilities and their potential impact on the system.
11. Stay current with industry standard development and software technologies and competencies, including in-depth knowledge and understanding of computer applications, and knowledge of risk assessment methodologies and frameworks.
12. Test the logical access control data analysis for the application and identify the access violations within the application.
13. Test and identify the SOD (Segregation of Duties) violations within the application.
14. Stay current with industry security testing and vulnerability identification technologies and competencies.
15. Develop and design security devices and software to ensure the safety of clients' or internal products and information.
16. Manage security measures for information technology systems within a networked system.
17. Carry out regular inspections of systems and network processes for security updates.
18. Conduct the audit process for initiating security and safety measures and strategies.
19. Customize access to information per rules and necessity.
20. Maintain standard information security policy, procedure, and services.
21. Should have a basic understanding of the project life cycle and should have handled/implemented at least 4 information security projects in his tenure. Experience in managing data center activities is an added advantage.
22. Knowledge of how operating systems (Windows/Linux) work is desirable. A basic understanding of Web servers and DB (Oracle/MS SQL) is a plus.
23. Should have experience in client management and communicate clearly. He should have a strong understanding of the different ITSM processes in an organization (Change Management/Incident Management/Release Management etc.).

Product Expertise

1. Compliance tools - Symantec CCS, Nessus Security Center
2. SIEM - McAfee ESM
3. IDS/IPS
4. Advanced persistent threat
5. Antivirus solutions
6. PIM/PAM - ERPM
7. Web filtering solution - Zscaler/WSS
8. Email gateway solution - Symantec Messaging Gateway
9. Database security
10. Security analytics

Requirements/Qualifications

1. Minimum of eight (10) years of IT security experience.
2. 5 years of experience in vulnerability assessment, understanding and validating the penetration testing reports.
3. Bachelor's degree or MS degree in Computer Science or a related technical discipline.
4. Experience with industry standard application security vulnerabilities per standards such as OWASP Top 10 and SANS Top 25 Vulnerabilities, and how to identify and remediate them.
5. Ability to communicate the impact of security vulnerabilities and their potential risk to key stakeholders of various backgrounds.
6. Strong knowledge in analysis of web applications, scanning and preparing vulnerability assessment reports using commercial security testing/scan tools, open-source tools or scripting like Nessus Security Center, Burp Suite, AppScan, Symantec Compliance Control Suite, McAfee Vulnerability Manager, Venafi etc.
7. Flexible and creative in finding alternative solutions and/or workarounds where security resolutions are in conflict with available resources or solution designs.

Job Type: Permanent
Salary: $4,500.00 - $5,500.00 per month
Benefits:
  • Health insurance
Schedule:
  • Monday to Friday



Job Detail

  • Job Id
    JD1161277
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned