Sr. Security Analyst

Detailed JD:

In depth knowledge on OWASP, WASC, NIST

Experienced in the Vulnerability Assessment & Penetration Testing of,

1.     Web Application Security Testing

2.     API Security

3.     Mobile Application Security Testing (Android & iOS)

4.     Thick client application testing

5.     Network Infrastructure

6.     Cloud infrastructure

·         Secure Code review of Web, Mobile Applications

·         Good understanding of SAST and DAST tools

·         Cloud security review

·         Strong knowledge of the application and network architecture

·         Conduct red-team assessments using social engineering, physical security compromise and other techniques.

     .     Perform network penetration testing and red team exercises.

     .     Support network architecture reviews.

     .     Perform in-depth reconnaissance for any customer assets.

     .     good understanding of the latest red team TTP’s

·         Experience in the Information Security domain across various industries like Banking, Finance, Stock Exchanges, real estate, E-commerce,       NBFC & Insurance organization, etc.

·         Ensure timely delivery of status updates and final reports to clients.

·         Handle client queries.

·         Keep oneself updated on the latest IT Security news, exploits, hacks.

·         Contribute technical content – chapter meetings, blog posts

·         Conduct internal and external training on various topics related to security assessment.

Has hands-on exposure in the following tools:

• Kali Linux / Metasploit
• Burp Suite / ZAP / Fiddler / Immunity Debugger / IDA Pro / Ollydbg
• Checkmarx / Contrast Security
• Nmap / Netsparker / Nessus / Sqlmap / Nikto
• Hands-on experience on various tools in DevOps and DevSecOps ecosystem, such as Jenkins, JIRA, Github, Checkmarx, OpenShift, Twist Lock, Ansible, Gradle, etc.

Exp. Req.- Minimum 2+ yrs in Cybersecurity Assessment domain

Certification- OSCP, OSWP, OSWE ( preferred ).