Tech Lead 23844

JOB DESCRIPTION

Role:

InfoSec Tech Lead

Department:

Global InfoSec

Stream:

Information Security

Reports to:

ManagerInformation Security

Reportees:

N/A

Summary of essential job functions

The overall responsibility of the team is to provide assurance to the management on the Information Security Compliance and Risk Management of the organization globally. The candidate would be expected to work with various teams to identify and implement the Product application and Infrastructure security requirements globally.

Minimum requirements (Education Qualification & Work Experience)

• Qualification Required: Bachelor/Master Degree in either Computer Engineering or Information science
• Certification preferred: OSCP OSCE ECSALPT CPT CEH
• Minimum experience: 57 years in Vulnerability Management Application Infrastructure Cloud Mobile Security stream secure code review and IoT
• Work Location: Bangalore India (May involve Travel)

Competency Requirements:

• Handson experience in performing Network Webbased cloud applications security assessments including threat modelling vulnerability assessments and penetration testing.
• Knowledge of current information security trends.
• Knowledge of security bug classification frameworks such as CVSS and DREAD and experience applying security bug classification methods.
• Experience on Web Service vulnerability assessment
• Knowledge on Mobile Applications (IOS/Android)
• Understanding and familiarity with common code review methods and standards
• Develop POCs to demonstrate security issues.
• Experience with web application vulnerability scanning tools (e.g. Acunetix NTO Spider Burpsuite Pro Web Inspect Core Impact)
• Experience with Network assessment tools and Exploitations (e.g. Kali Framework Qualys Guard Nessus Nexpose Nmap Metasploit Saint)
• Experience in performing static code review (e.g. Checkmarx HP Fortify IBM Appscan Source)
• Experience in atleast 2 scripting languages such as Python Perl PHP Ruby etc.
• Capable to assess an application using OWASP OSSTMM CESG CREST NIST ISSAF PTES methodologies
• Knowledge of standard SDLC practices and flexible to work on Agile Modules
• Minimum 57 years work experience in application and network security
• Experience with high level programming languages (e.g. Java C C .NET (C# VB) and DAST code review will be an addon
• Knowledge of operating systems preferably Windows / Linux / UNIX (IBM IAX Sun Solaris HP UX etc. and network equipments.
• Experience in providing technical oversight to other project team members to maintain engagement quality.
• Experience in mentoring coaching staff and ability to lead teams under demanding circumstances to accomplish project team objectives.
• Good understanding of PCI SOC and GDPR security guidelines and rules

Other Requirements:

• Strong ethics and understanding of ethics in business and information security
• Proficiency in English (both written and oral communication skills)
• Ability to complete tasks and deliver professionally written reports for clients
• Ability to present findings to technical staff and executives
• Ability to interact with 247 customers to review their requirements

Job Responsibilities

• Carry out and own closures for Vulnerability Assessment and Penetration Testing for Infra Web Applications and Web Services/API.
• Perform both Manual and Automated Security Testing for identifying vulnerabilities.
• Perform periodic Configuration audits on Network Devices Servers and other critical functions.
• Perform code review across a variety of programming languages and provide recommendations for preventive and corrective actions.
• Performing assessments of SDLC processes
• Developing testing scripts and procedures
• Other securityrelated projects that may be assigned according to skills
• Continually evaluates Application architecture in order to enhance process design
• Evaluate suspected vulnerabilities work with subject matter experts and recommend corrective actions.
• Evaluating security products and recommending the solutions
• Advisor to various projects regarding Secure Coding Standards and Security Information Management

Disclaimer:

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time as needed.