Job Description

• Should have an overall exposure and understanding of Application and Network Security projects and also GRC
• Should have managed comprehensive security projects, that include Application, Network Security and governance aspects
• Strong knowledge of the OWASP Top 10, SANS top 25, WASC security Standards and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, Session Management issues, Insecure Direct Object reference, Click jacking, buffer overflows, etc.
• Experience in manual application penetration testing of web-based applications, thick-client applications, mobile applications, web services, API’s etc.
• Experience in Source Code Review of applications
• Should have performed manual mobile application penetration testing on platforms like Android, IOS, etc – both client and server side applications.
• Should have knowledge on Risk Rating Standards like DREAD, CVSS etc.
• Experience in automated web application vulnerability scanners (e.g., AppScan, Web inspect, Accunetix, Burp suite Pro, etc) is desirable.
• Should have performed Black-Box / Grey Box External Network VA/PT assessments following structured phases
• Should have created comprehensive assessment report with details of vulnerabilities identified, categorization of the risks by assessment of potential impact and detailed remediation/recommendation for all the identified risks.
• Review Policies and SOPs associated with secure network/infrastructure implementations.
• Should have experience in Leading the team and coaching/ mentoring team members on technical/functional/ operational/ aspects and expertise relevant to Application and Network security assessments.
• Should be ready to travel within and outside the country