Extensive experience of 8+ years in Application / Network Security Assessment
Good at application threat modeling and assessing application risk exposure
Experience in dynamic and static application vulnerability scanners like Rapid7 AppSpider, HP WebInspect, IBM AppScan, HP Fortify, etc.
Experience of using Network security assessment tools like Rapid7 Nexpose, Metasploit, Nessus, Qualys etc.
Experience in manual security assessment of applications and infrastructure
Establish Vulnerability Management framework & process including Vulnerability assessment, treatment, acceptance / exception
Manage VAPT and Secure Configuration Management process
Ensure coverage by tracking new assets and applications that are going live, and ensure that VA / PT and Security Configuration Assessment are conducted before going live and periodically afterwards.
Knowledge of scripting languages like Ruby, Python etc.
Knowledge of web development would be preferred
Knowledge of deploying security scanning tools in large enterprise network
Strong web application security experience with a thorough understanding of web application and mobile application vulnerabilities
Good skills in operating systems and command-line operations, especially Unix.
Knowledge of database, application, and Web server design and implementation
Familiarity with security standards and groups (OWASP, OSSTMM, WASC, FISMA)
Experience in client handling including interaction with developers for understanding the mitigations
Working knowledge and experience integrating Telecom Applications with VM Technologies.
Experience of integration with multiple external technologies e.g. Incident Management, CMDB (Remedy, Service Desk), PAM, IDAM, SIEM, Third party applications.
Execution of enterprise wide Infrastructure Vulnerability Assessment, Penetration Testing program
Advanced understanding of networking and system-of-systems architecture
In-depth knowledge of architecture, engineering, and operations
Experience of end to end vulnerability management and penetration test program.
Experience of vulnerability remediation workflow, ticketing lifecycle, etc. preferred.
Strong understanding and working experience of SDLC, including SIT, UAT and NFT. Execution experience of performance testing.
Bachelor's degree in management information systems, computer science, or related discipline is required.
Defining integration approaches and creating interface documentation and test cases for SIT, UAT and NFT.
Strong understanding of Defense in Depth Architecture and the security technology used at each layer.
Familiarity with security regulatory requirements and standards (such as NIST 800 series, ITU, ITIL, PCI and ISO 27001)
Advanced knowledge and experience with multiple operating systems (Windows, *nix, OSX, VMware, IOS and other infrastructure device OS)
Technology Landscape, Education and Certification
Configuration Analyzer - AlgoSec Firewall Analyzer, Tufin Configuration Manager, IBM QRM.
Vulnerability Management - QualysGuard, Nessus
Certified Computer Forensics and Forensics Investigator (CHFI)
Certified Ethical Hacker (CEH)
EC-Council Certified Security Analyst (ECSA)