Max Life Insurance - Manager - Enterprise Risk Management - Information Security

Roles and Responsibilities:

- Provide innovation within the context of the Vulnerability and Penetration Testing (VAPT) program in relation to both process and technology.

- Design, implement, and support VAPT solutions identified as necessary for the protection of organizations assets.

- Serve as a Subject Matter Expert (SME) for the VAPT function.

- Serve as the system owner for common VAPT toolsets, platforms, and processes.

- Assess the sufficiency of policies, standards and procedures relative to VAPT best practices. Author standards and procedures designed to continually improve security posture.

- Perform authorized attack surface reviews and penetration tests against specific targets at the direction of the CISO

- Provide input into security risk assessments by leveraging specialized knowledge.

- Work with DevSecOps team for continuous analysis and improvement.

- Report compliance failures to management for immediate remediation.

- Mentor junior members of the VAPT group and provide constructive consultation to other peer groups such as IT Development.

- Assisting the Chief Information Security Officer in the fulfilment of responsibilities

Desired Candidate Profile

- Graduate/Post Graduate degree in Information management and security (pref. B. Tech/ M.Tech/MS)

- 5+ years of professional experience in information security with a focus on vulnerability assessment and penetration testing.

- Extensive experience with common automated VAPT tools such as Nessus, Appscan, Burp Suite, Nipper etc. Proficiency with other common attack tools and frameworks such as Wireshark, Kali, and Metasploit, etc.

- Ability to validate the presence of identified vulnerabilities with accuracy.

- Must have the ability to perform targeted penetration tests without use of automated tools.

- Capable of providing assistance with the preparation of internal training materials and documentation.

- Passionate in the practice and pursuit of VAPT excellence

- Knowledge of cloud technologies and cloud hosting (nice to have)

- Relevant certifications CEH, ECSA, OSCP, OSCE is an added advantage

KEY COMPETENCIES/SKILLS REQUIRED :

VAPT, Configuration Reviews, Network Architecture reviews, Ethical Hacking