Senior Information Security Consultant Job in Xiarch Solutions Pvt Ltd

Senior Information Security Consultant

Job Summary

Senior Information Security Consultant :

Job Description

About the Company

Xiarch is a CERT-Empanelled organization. Xiarch is an acronym for Xtreme InfoSec Auditors, Researchers, Consultants and Hackers. Xiarch is made up of best-of-breed professionals in the infosec industry. Xiarch aspires to use its moral values, competence and knowledge to secure corporate IT investments and help our clients de-risk their business. Xiarch has its own R&D facilities, where cutting-edge research is done in the field of information security. The Xiarch R&D team is always devising new ways through which your investments can be protected from the threats posed by malicious users.

Responsibilities

2 or more years of people management experience for a team of Information/Cyber Security Business and Security Audit.
5 or more years of experience required in a related field: Vulnerability Assessment & Penetration Testing of Web, Network, Mobile, API, etc.
Requires strong knowledge of Penetration Testing & Red Teaming Exercise.
Excellent communication, interpersonal, leadership, presentation, and collaborative skills to work effectively with teams throughout the organization.
Proactive and self-directed; a team player mindset is a must.
Experience in execution and building relationships and working with executives at all levels.
Certifications like CEH, OSCP, SANS GPEN, CISSP or any other industry accredited security certifications would be preferred.
Good interpersonal, problem solving, reasoning and analytical skills.
Ability to effectively collaborate with others in English.
Demonstrated time management skills, strong work ethic, attention to detail, ability to multitask, and strong communication and problem-solving skills.


Skills and Expertise

Experience in conducting and managing Penetration Testing, Vulnerability Assessment projects.
Manages the security team to support attack prevention strategy, policy, process and communications.
Knowledge and breadth of the security landscape (SIEM, Data Loss Prevention, Endpoint Security, Network Security) is a must-have.
Technical skills in data-analysis (SQL, Python) to develop data driven insights.
Establish and execute communications strategy and communications plan for on-going cross-functional and executive leadership communications to educate leadership on fraudulent activity, emerging industry trends and detection/prevention technology solutions to solve for the same.
Conduct vulnerability assessment and penetration testing for network, web applications, mobile applications and thick-client application.
Conduct configuration reviews for OS, DB, Firewall, Routers, Switches and other infrastructure components.
Conduct red-team assessments using social engineering, physical security compromise and other techniques.
Conduct source-code review using automated and manual approaches.
In-depth knowledge of mobile, web, network, API, etc., thick-client applications, and defense strategies.
Proficiency with understanding and writing/modifying exploits.
Knowledge of mobile/web/network/API security; should be able to execute projects independently.
Good knowledge and experience of conducting vulnerability assessments and penetration testing (VAPT) of apps as per standards such as PTES, OWASP Top 10, SANS/CWE Top 25, NIST.
Ability to analyse web application and mobile application workflows and perform manual testing.
Analyse application security vulnerabilities found through testing and collaborate with development and other internal technical teams to provide mitigation steps to reduce the risk.
Should have hands-on experience with at least one programming/scripting language from PHP, C#, ASP.NET, Java, Python, Ruby, JavaScript.
Experienced in manual and automated security testing of applications.
Understanding of application technologies and their components.
Hands-on experience of security code review.
Experience with web services and API testing.
Ability to analyze root causes and deliver strategic recommendations during security reviews.
Strong knowledge of tools for mobile application security, including but not limited to Kali Linux, BURP, PostMan, Appie, Mobisec, SoapUI, NowSecure, HP Fortify on Demand, Data Theorem, etc.
Knowledge in data encryption and cryptography.


Qualification:
UG - BTECH/BCA
PG - MTECH/MCA

Certification:
OSCP/CEH/CISSP/CISA



Salary : 3 - 8 Lac
Experience Required :

Minimum 2 Years

Vacancy :

2 - 4 Hires