Project Location(s): Pune, Maharashtra
Education: (MCM /MCA) or equivalent
Compensation: As per Industry Standard
Security and Network Engineer Cloud (VAPT)
Job Location: Pune, Maharashtra.
Industry : IT/ ITeS
Relevant Experience required: 3-5+ years’ experience.
- Develop Security automation and APIs in the Public Cloud across the key pillars of security namely IAM, CICD Security, Security Logging, Incident Response, Data Protection, Compliance Validation. Security Analytics, Vulnerability Management, Platform and Application Threat Modelling
- Collaborate with Security Platform and Services teams to build and integrate existing security solutions.
- Act as an advocate of information security policies, standards and as a mechanism to enable the business effectively while managing risk appropriately.
- Cloud & Network Security Architecture Review.
- Perform unauthenticated and authenticated vulnerability assessment (VA) assessments of servers, applications, network/security/infrastructure devices as per defined frequency annually.
- Perform penetration testing (PT) for internal and internet facing servers.
- Create comprehensive assessment report with details of vulnerabilities identified, categorization of the risks by assessment of potential impact and detailed remediation/recommendation for all the identified risks.
- Provide technical assistance to clarify the reported issues to the relevant teams and provide required support to resolve the issues. Explain the issues in layman language to the business teams.
- Hands on experience in automated vulnerability and web scanners (e.g. Qualys, Nessus, AppScan, Web inspect, Accunetix, Burp suite Pro, etc) is desirable.
- Technical knowledge of Windows and UNIX operating systems, networking, security & network devices.
- Gain deep security-level knowledge of cloud environments, continuous monitoring solutions to understand and explain security risks and mitigation techniques.
- Strong knowledge of the OWASP Top 10, SANS top 25, WASC security Standards and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, Session Management issues, Insecure Direct Object reference, Click jacking, buffer overflows, etc.
- Strong knowledge of security vulnerability, risk, threat, exploitation, technical & business impact
- Experience in automation of VAPT work to reduce manual efforts and simplify the process
- Should have knowledge to implement a risk-based approach to Vulnerability Management. Good to know TVM products like Kenna Security, Risk Sense etc.
- Should have knowledge on Risk Rating Standards like DREAD, CVSS etc.
- Should have prepared audit reports and findings tracker sheets for applications.
- Should be used to researching the latest security best practices, reading up on new threats and vulnerabilities and disseminate this information within the team as well as the organization.
- Should have knowledge in preparing policy, procedure, standard and guidelines for VAPT
- Coaching/ mentoring team members on technical/functional/ operational/ aspects and expertise relevant to security testing
- Stakeholder management – Need to interact and communicate with IT, Application, Development, Business teams for VAPT work
- Stay current on cloud security policies, standards, regulations, and best practices.
Educational qualification: Graduate in IT, Cyber Security or MCM/ MCA or equivalent
- 3-5+ years of hands on experience in Cloud and Network Security -vulnerability assessment and penetration testing (VAPT)
- Certified in Cloud Security Domain such as CEH, CISSP etc
- 3-5 years of proven experience in vulnerability assessment and penetration testing
- Tools – Qualys, Tenable Nessus, IBM AppScan, Web inspect, Accunetix, Burp suite Professional, Metasploit Professional Knowledge
- Proficient in written and oral English communication skills.
- Strong organizational, teamwork, multi-tasking and time-management skills.
- Manage a team during project execution as needed for the smooth execution of the project.
- Expertise in security epics across Data Protection, Compliance Validation, Vulnerability Analysis, Network Security, Infrastructure Security, CICD Security, Identity and Access Management, Logging and Monitoring, Incident Response, Big Data and Analytics, and Resiliency.