Manager - VAPT

Job Description

General Experience Requirement for the role:Having 4 years of experience in the leading and managing Threat & Vulnerability competency, projects and customer engagementsHaving 6-10 years of core hands-on experience in fields of cyber-Security, security standards, best practices, vulnerability assessments, web application testing, network and mobile application assessment, and penetration testing1-2 years of experience in enterprise security management, security products/solution integration/security operations, with good understanding of Network and system security concepts and standards, security best practicesExperience building and leading and managing security teams with experience in Cyber security practices, AppSec, threat intelligence, vulnerability management, penetration testing, infrastructure security assessmentExcellent Project Management, Service Management and customer handling skillsPossess excellent written, presentation and verbal communication skills necessary for team coordination, helping partners, and service discussions along with organizational skillsGood analytical skills with an ability to think outside the box to solve highly technical problemsAbility to work effectively with clients, management, staff members, vendors, and consultantsGood interpersonal skills to interact and collaborate with senior management stakeholders such as IT, Network and Security and CIO/ CTO/ business leadership teamsAbility to work calmly with patience in high pressure situations in a dynamic environmentEducation and Certification preferred for the role:BTech/B.E. in CSE/IT/CSA/ECEMCA/ MTech/MS in CSE/IT/CSA/ElectronicsAny of the security certifications such as CEH, CHFI, ECSA, OSCP, GPEN, CISSP/CISM/CISATechnical Skills that are Key to this role:Strong background in Network/Infrastructure Vulnerability Assessment and Penetration TestingGood understanding of security vulnerabilities, OWASP Top 10 vulnerabilities, Enterprise security architecture, standards, relevant best practices and frameworksExtensive expertise in Web, API, Android Mobile Apps, and AWS/Azure Cloud Security,Experience with software penetration testing, architectural risk assessment, threat modelling, static code analysis and secure code review on WEB, API and Android mobile applicationsWeb Application Penetration Testing: Strong experience in assessing web applications for security vulnerabilities using tools such as Burp Suite, OWASP ZAP, or similar.Mobile Application Penetration Testing: Proficiency in evaluating the security of mobile applications on Android platforms, including reverse engineering and code analysis.Cloud Security: In-depth knowledge of cloud security best practices, including experience with AWS/ Azure Cloud Platform, and the ability to configure security controls and monitor for cloud-based threats, with experience in AWS/Azure cloud security assessments.API Security: Expertise in assessing the security of APIs, including authentication, authorization, and data protection.Web Application and Mobile Apps security assessment in accordance with the OWASP standards.Vulnerability Assessment includes analysis of bugs in various applications on various domains by using both manual and Automation tools.Familiarity with security in DevOps and continuous integration/continuous deployment (CI/CD) pipelines.Experience of working on Windows and Linux with Good understanding of operating system internals (Windows, Linux and Mobile OS (Android) and app development (especially mobile)Should be familiar with common compliance requirements like GDPR, PCI-DSS, ISO 27001Experience with mobile Open Web Application Security Project (OWASP) standards and testing checklist.Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan.Assessment of scanner results and intelligently identifying false positives from the scan results.Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing.Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities.Hands on experience with popular security tools NMAP, Nessus, Burp Suite, Nessus, Netsparker, Metasploit, OWASP ZAP.Familiar with Agile process and development tools (Jira, Confluence, Bitbucket, Git, Maven, Jenkins, etc.)

Keyskills :
vulnerability managementvaptdevopsawsazure