Senior Security Engineer Job in Infopark
Senior Security Engineer
- Cochin, Ernakulam, Kerala
- Not Disclosed
- Full-time
Job Responsibilities:
Develop best practices and security standards for the organization
Assist fellow employees with cybersecurity and software testing best practices
Work closely and independently with customer-centric project teams and serve as a single point of contact for all security-testing-related activities.
Research the latest security best practices, stay abreast of new threats and vulnerabilities, and help disseminate this information within the group as well as the organization.
Follow and enable compliance in line with the company's policies, goals, standards, and processes relating to security penetration testing.
Create comprehensive assessment reports with details of the vulnerabilities identified, categorization of the risks by assessment of potential impact, and detailed remediation/recommendation for all the identified risks.
Lead, execute and deliver the efforts of Security Testing across the engagement's lifecycle
Find cost-effective solutions to cybersecurity issues
Interface with the vendors/development team that delivers Security Testing engagements
Ensure reporting of Security Testing activities is appropriate for the intended audience
Engage with technical and business stakeholders to convey the outcome of Security Testing engagements
Hold overview/debrief sessions with stakeholders before and after security testing engagements.
Consult technical teams on remediation efforts
Contribute to the reporting of relevant KPIs, KRIs, or other metrics
Share the benefits of the different Cyber Security service offerings
Qualifications/Requirements:
Bachelor's Degree in Information Systems / Technology, Computer Science / Engineering or equivalent field of study or a minimum of 5 years of cyber security experience
Strong collaboration and communication skills (both written and verbal).
Ability to work in a team environment with aggressive deadlines and multiple priorities
Problem solver and barrier breaker
Experience & Expertise:
4+ years in the information security industry, particularly with vulnerability assessments and penetration testing of applications and/or infrastructure using industry standards (e.g. OWASP, PTES, and others).
3+ years of experience in manual application penetration testing of web-based applications, thick-client applications, mobile applications, web services, APIs, etc.
Knowledge of and exposure to OWASP Top 10, SANS Top 25, WASC security standards, OSSTMM, PTES, NIST standards, and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, Insecure Direct Object Reference, clickjacking, buffer overflows, etc.
Knowledge in using open-source penetration testing tools such as Burp Suite, Kali Linux tools, Metasploit, sqlmap, Nmap, MobSF, etc.
Good knowledge of REST API security testing.
Working knowledge of security principles, techniques, and technologies.
Knowledge of and exposure to any one of the cloud platforms (Azure, AWS and GCP); experience in performing security tests against applications deployed in the cloud is an asset.
Good understanding of enterprise operating system environments and networking
Good understanding of security vulnerabilities and common software flaws
One or more of the following security certifications would be desirable or preferred: CEH, CompTIA Security+, OSCP, GPEN or GWAPT.
Vulnerability assessment of IT infrastructure (such as servers/networks) would be desirable.
Working experience with scripting languages, such as Python or Perl.
Understanding of common web technologies like .NET, PHP, Java, XML, SAML, SOA, SOAP, web services, etc., and protocols including HTTP(S), DNS, FTP, SSH, etc., would be preferred.
5 to 8 Years
2 - 4 Hires