Security Analyst - IT

Job Description : 

Position Summary : 

The Security Analyst is expected to perform vulnerability assessment, security analysis, penetration testing, code review of the product/modules and report the findings in defect tracking tool. It also includes but not limited to re analyse the findings and work with developers for the fixes.

Manual Testing : 

- Perform threat modelling

- Perform architectural analysis

- Perform logical security assessment

- Monitor third party API- s, SDK and libraries are up to date.

- Generate assessment report

- Report your findings as per the severity

Automation testing :

- To use automated scanning tools

- Review false positives and true positives

- Generate assessment report

- Report your findings as per the severity

- Analyze reports from interactive source code review tool for false positives and include it in the report.

Analysis and reporting :

- Create a detailed assessment report as per company Works standard.

- Report issues as per the severity

- Follow up and review the fixes

Ad hoc request :

- Work on Ad hoc request related to application security

- Conduct pen. Test, Design reviews as per the request

Training and knowledge transfer :

- Conduct periodic security awareness training as per the requirement bases on global standards.

Working Relationships:

- Team leads

- Peers

- Developers

- Product managers

- Other security teams

- Support and operations team

- Infrastructure teams

Knowledge :

- Understanding of OWASP Top 10, SANS Top 25 and WASC, NIST.

- Black Box, Grey Box security assessment of web application, Mobile application.

- Experience of identification and mitigation of vulnerabilities

- Good knowledge of TCP/IP and other application and network level protocols.

- Security in SDLC (Application Security)

Skills :

- Strong team player

- Interpersonal Skills

- Good communication

- Active listening

- Believes in team work over individual contributions

- Articulation of thoughts

- Able to express view assertively

Attributes :

- Ownership and accountability

- Passion

- Integrity

- Team work

Certification :

- CEH

- OSCP

- Any other security-related certification.

Note: Experience in VAPT of Web and Mobile apps, an expert on Burpsuit and good knowledge on OWASP Top 10

Bond:- 2 years of the bond (this term will not stop your appraisal, bonus and other benefits)

Work shift:- 12.00 noon - 9.00 pm Shift

Pankaja -6362626779.