[24]7

JOB DESCRIPTION

Role:

InfoSec Tech Lead

Department:

Global InfoSec

Stream:

Information Security

Reports to:

Manager-Information Security

Reportees:

N/A

Summary of essential job functions

The overall responsibility of the team is to provide assurance to the management on the Information Security, Compliance and Risk Management of the organization globally. The candidate would be expected to work with various teams to identify and implement the Product application and Infrastructure security requirements globally.

Minimum requirements (Education Qualification & Work Experience)

• Qualification Required: Bachelor/Master Degree in either Computer Engineering or Information science
• Certification preferred: OSCP, OSCE, ECSA|LPT, CPT, CEH
• Minimum experience: 5-7 years in Vulnerability Management- Application, Infrastructure Cloud, Mobile Security stream, secure code review and IoT
• Work Location: Bangalore, India (May involve Travel)

Competency Requirements:

• Hands-on experience in performing Network, Web-based, cloud applications security assessments including threat modelling, vulnerability assessments, and penetration testing.
• Knowledge of current information security trends.
• Knowledge of security bug classification frameworks such as CVSS and DREAD, and experience applying security bug classification methods.
• Experience on Web Service vulnerability assessment
• Knowledge on Mobile Applications (IOS/Android)
• Understanding and familiarity with common code review methods and standards
• Develop POCs to demonstrate security issues.
• Experience with web application vulnerability scanning tools (e.g., Acunetix, NTO Spider, Burpsuite Pro, Web Inspect, Core Impact)
• Experience with Network assessment tools and Exploitations (e.g., Kali Framework, Qualys Guard, Nessus, Nexpose, Nmap, Metasploit, Saint)
• Experience in performing static code review (e.g., Checkmarx, HP Fortify, IBM Appscan Source)
• Experience in atleast 2 scripting languages such as Python, Perl, PHP, Ruby etc.
• Capable to assess an application using OWASP, OSSTMM, CESG, CREST, NIST, ISSAF, PTES methodologies
• Knowledge of standard SDLC practices and flexible to work on Agile Modules
• Minimum 5-7 years’ work experience in application and network security
• Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB)) and DAST code review will be an add-on
• Knowledge of operating systems preferably Windows / Linux / UNIX (IBM IAX, Sun Solaris, HP UX etc.) and network equipment’s.
• Experience in providing technical oversight to other project team members to maintain engagement quality.
• Experience in mentoring, coaching staff and ability to lead teams under demanding circumstances to accomplish project team objectives.
• Good understanding of PCI, SOC and GDPR security guidelines and rules

Other Requirements:

• Strong ethics and understanding of ethics in business and information security
• Proficiency in English (both written and oral communication skills)
• Ability to complete tasks and deliver professionally written reports for clients
• Ability to present findings to technical staff and executives
• Ability to interact with 247 customers to review their requirements

Job Responsibilities

• Carry out and own closures for Vulnerability Assessment and Penetration Testing for Infra, Web Applications and Web Services/API.
• Perform both Manual and Automated Security Testing for identifying vulnerabilities.
• Perform periodic Configuration audits on Network Devices, Servers and other critical functions.
• Perform code review across a variety of programming languages and provide recommendations for preventive and corrective actions.
• Performing assessments of SDLC processes
• Developing testing scripts and procedures
• Other security-related projects that may be assigned according to skills
• Continually evaluates Application architecture in order to enhance process design
• Evaluate suspected vulnerabilities, work with subject matter experts, and recommend corrective actions.
• Evaluating security products and recommending the solutions
• Advisor to various projects regarding Secure Coding Standards and Security Information Management

Disclaimer:

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.