Consultant - Information Security

Consultant - Information Security

Job Description :

- Perform Web Application security assessment .

- Perform Mobile application security assessment.

- Conduct application risk assessment / application control review

- Conduct application penetration exercise using automated tools, customized exploits and manual analysis.

- Conduct network penetration testing, system vulnerability assessment & security configuration review

- Provides analysis and validation post remediation.

Experience & Key Skills :

- 3-7 Yrs. Relevant experience

- Practical experience in manual & automated grey box application security assessment

- Practical experience in mobile application (android / iOS) security assessment

- Exposure to API security testing

- Experience in using application security assessment tools/platforms such as Burp Suite, Paros, Samurai WTF, Kali Linux, Charles, Metasploit.

- Understanding of the OWASP Top 10 application security risks.

- Knowledge of networking concepts like TCP/IP, UDP, HTTP, TLS, SSH, DNS, firewalls, etc.

- Experience of drafting web application security assessment report.

- Excellent problem solving and analytical skills; outstanding oral and written communication skills.

- Practical experience with Static and Dynamic Application Security Test (SAST/ DAST) solutions e.g. Fortify, Veracode, Checkmarx is desirable.

- Candidate with software programming background with language and tools such as Java/JavaScript; JSP; Python; PHP; ASP.Net HTML/CSS is desirable.

- Experience in conducting network penetration testing & system vulnerability assessment using VA tools (e.g. Nessus, Nexpose etc.) and VA checklist is desirable

- Basic to intermediate knowledge of SQL is desirable

- Knowledge of ISMS is desirable