Job Description :
Position Title, Responsibility Level : SAVP
Function : Global Technology (Information Security)
Reports to : Vice President - Information Security & Cyber Security
Permanent/ Temporary : Permanent
Span of Control : 8-10
Location : Noida
Basic Function :
Primarily responsible for leading and managing the enterprise threat / vulnerability / risk posture by establishing a strong framework and continual improvement for :
- Infrastructure Network Vulnerability Assessment and Penetration Testing
- Secure Application Development Framework and Security Assessments
- Designing a framework for Cyber Security Offensive testing, Cyber Drills, Red Teaming, Bug Bounty and Social Engineering simulations to test and drive improvement initiatives for cyber readiness
- Designing and Enhancing Enterprise Security Architecture
Essential Functions :
The role is responsible for ensuring continued and successful security assessments and operations in the following areas :
Infrastructure Security :
To lead a team responsible for :
- Managing Vulnerability Management System (Qualys, Nessus), Penetration Testing, and configuration reviews.
- To coordinate and facilitate information security audits (including process & technical audits - VA/PT), and work with technology teams to close the observations.
- To perform and manage enterprise-wide Risk Assessment. To coordinate with various functions for timely execution of Risk Assessment for the Technology function.
- To test and research new vulnerabilities
- To perform red team exercises and conduct ethical pen testing and cyber-attack simulations
- To contribute to ISO27001 and PCI DSS certification audits.
Application Security :
To lead a team responsible for :
- Maturity of Secure Development of Applications (SDLC process)
- Secure Software Requirements - capturing security requirements in the requirements gathering phase
- Secure Software Design - translating security requirements into application design elements
- Secure Software Implementation/Coding - unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
- Secure Software Testing - integrated QA testing for security functionality and resiliency to attack
- Software Acceptance - security implications in the software acceptance phase
- Software Deployment, Operations, Maintenance and Disposal - security issues around steady state operations and management of software
Security Assessments and Architecture :
- Design Security Architecture standard for the organization
- To conduct security risk assessments for technology architecture and solutions, including cloud and
- Determine security requirements by evaluating business strategies and requirements
- Researching and enhancing organizational security architecture standards
- Ensuring Technology Solutions and Applications are supported by robust and resilient Security Architecture
Primary Internal Interactions :
- Technology Function (Network, Systems, Applications etc)
- Business Teams
Primary External Interactions :
- Clients
- Auditors (Big 4s)
- Security Suppliers
Organizational Relationships :
Reports To : Vice President - Information Security & Cyber Security
Supervises : In-house and Supplier Security Team
Skills :
Technical Skills :
- VAPT
- Ethical Hacking
- Malware Analysis
- Cyber Drills
- Exploit analysis and design
- Application Security
- Security Architecture
Process Specific Skills :
- ISO27001
- Risk Assessment
Soft skills (Desired) :
- Capable of managing project tasks individually and as a team
- Ability to document and explain technical details in a concise & understandable manner
- Good oral and written communication skills
- Good presentation & public speaking skills
Soft Skills (Minimum) : Same as above
Education Requirements : Graduation
One or more of the following certifications is desirable : CISSP / CEH / CHFI / ECSA / OSCP
Work Experience Requirements :
Total Experience : 14-18 years
- Hands-on experience working in Linux/Windows environments with Metasploit framework, Nessus, Qualys, Malware Analysis, Vulnerability Assessment and Penetration Testing, IBM AppScan, HP WebInspect, Burp Suite, NetSparker etc.