OSCP certification, Penetration testing or OWASP Top 10, Team Management

Classification - Internal

Classification - Internal

Job Title Senior Manager Application Security Testing - ISG

Experience 8-9 Years

Location: Airoli, Mumbai

Mandatory:

•

8-9 years of hands-on experience in application security and SCR

•

Bachelors in engineering or MCA.

•

Certification – any two of the certificates from the list such as LPT, OSCP, OSCE.

Job Description:

•

Complete understanding of application security and source code review programs.

•

Very strong technical skills and ability to think out of the box.

•

Candidate should be good in understanding of application security, mobile application security (Android and iOS), API security testing and detailing, articulation of vulnerability and should be able to review and recommend on the assessment report with details of vulnerabilities identified, categorization of the risks by assessment of potential impact and detailed remediation/recommendation for all the identified risks.

•

Provide technical assistance to clarify the reported issues to the relevant teams and provide required support to resolve the issues. Explain the issues in layman language to the business teams.

•

Should have experience in automation of vulnerability and web scanners (e.g. Qualys, Nessus, AppScan, Web inspect, Acunetix, Burp suite Pro, etc) using industry automation software’s.

•

Technical knowledge of Windows and UNIX operating systems, networking, security & network devices.

•

Strong knowledge of the OWASP Top 10, SANS top 25, WASC security Standards and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, Session Management issues, Insecure Direct Object reference, Click jacking, buffer overflows, etc.

•

Strong knowledge of security vulnerability, risk, threat, exploitation, technical & business impact

•

Experience in automation of vulnerability work to reduce manual efforts and simplify the process

•

Should have knowledge to implement a risk-based approach to Vulnerability Management. Good to know TVM products like Kenna Security, Risk Sense etc.

•

Should have knowledge on Risk Rating Standards like DREAD, CVSS etc.

•

Should have prepared audit reports and findings tracker sheets for applications.

•

Should be used to researching the latest security best practices, reading up on new threats and vulnerabilities and disseminate this information within the team as well as the organization.

•

Should have knowledge in preparing policy, procedure, standard and guidelines for application security

•

Coaching/ mentoring team members on technical/functional/ operational/ aspects and expertise relevant to security testing

•

Stakeholder management – Need to interact and communicate with IT, Application, Development, Business teams for VAPT work

•

Should have relevant experience in a mid- large size organisation and should be leading the VM practice.

Skills required/Expertise:

•

8-9 years of proven experience in vulnerability assessment and penetration testing of Web, Mobile (Android & iOS is must) & API.

•

Tools –IBM AppScan, Web inspect, Acunetix, Burp suite Professional, Checkmarx, Fortify, Metasploit Professional

•

Proficient in written and oral English communication skills.

•

Strong organizational, teamwork, multi-tasking and time-management skills.

•

Manage a team during project execution as needed for the smooth execution of the project.

•

Experience in banking domain will be added advantage.