iimjobs

07/02 Ashu Gupta
Lead Assistant Manager at EXL Service

EXL Service - Senior Assistant Vice President - Information/Cyber & Application Security (14-16 yrs)

Noida Job Code: 662156

Job Description :

Position Title, Responsibility Level : SAVP


Function : Global Technology (Information Security)


Reports to : Vice President - Information Security & Cyber Security

Permanent/ Temporary : Permanent


Span of Control : 8-10


Location : Noida

Basic Function :

Primarily responsible for leading and managing the enterprise threat / vulnerability / risk posture by establishing a strong framework and continual improvement for :

- Infrastructure Network Vulnerability Assessment and Penetration Testing

- Secure Application Development Framework and Security Assessments

- Designing a framework for Cyber Security Offensive testing, Cyber Drills, Red Teaming, Bug Bounty and Social Engineering simulations to test and drive improvement initiatives for cyber readiness

- Designing and Enhancing Enterprise Security Architecture

Essential Functions :

The role is responsible for ensuring continued and successful security assessments and operations in the following areas :

Infrastructure Security :

To lead a team responsible for :

- Managing Vulnerability Management System (Qualys, Nessus), Penetration Testing, and configuration reviews.

- To coordinate and facilitate information security audits (including process & technical audits - VA/PT), and work with technology teams on closure of the observations.

- To perform and manage enterprise-wide Risk Assessment. To coordinate with various functions for timely execution of Risk Assessment for the Technology function.

- To test and research new vulnerabilities

- To perform red team exercises and conduct ethical pen testing and cyber-attack simulations

- To contribute to ISO27001 and PCI DSS certification audits.

Application Security :

To lead a team responsible for :

- Maturity of Secure Development of Applications (SDLC process)

- Secure Software Requirements - capturing security requirements in the requirements gathering phase

- Secure Software Design - translating security requirements into application design elements

- Secure Software Implementation/Coding - unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation

- Secure Software Testing - integrated QA testing for security functionality and resiliency to attack

- Software Acceptance - security implications in the software acceptance phase

- Software Deployment, Operations, Maintenance and Disposal - security issues around steady state operations and management of software

Security Assessments and Architecture :

- Design Security Architecture standard for the organization

- To conduct security risk assessments for technology architecture and solutions, including cloud and

- Determines security requirements by evaluating business strategies and requirements

- Researching and enhancing organizational security architecture standards

- Ensuring Technology Solutions and Applications are supported by robust and resilient Security Architecture

Primary Internal Interactions :

- Technology Function (Network, Systems, Applications etc)

- Business Teams

Primary External Interactions :

- Clients

- Auditors (Big 4s)

- Security Suppliers

Organizational Relationships :

Reports To : Vice President - Information Security & Cyber Security


Supervises : In-house and Supplier Security Team

Skills :

Technical Skills :

- VAPT

- Ethical Hacking

- Malware Analysis

- Cyber Drills

- Exploit analysis and design

- Application Security

- Security Architecture

Process Specific Skills :

- ISO27001

- Risk Assessment

Soft skills (Desired) :

- Capable of managing project tasks individually and as a team

- Ability to document and explain technical details in a concise & understandable manner

- Good oral and written communication skills

- Good presentation & public speaking skills

Soft Skills (Minimum) : Same as above

Education Requirements : Graduation

One or more of the following certifications is desirable : CISSP / CEH / CHFI / ECSA / OSCP

Work Experience Requirements :

Total Experience : 14-18 years

- Hands-on experience working in Linux/Windows environments and with Metasploit framework, Nessus, Qualys, Malware Analysis, Vulnerability Assessment and Penetration Testing, IBM AppScan, HP WebInspect, Burp Suite, NetSparker etc.

Women-friendly workplace:

Maternity and Paternity Benefits
