Security analyst
Posted: April 3, 2023, 10:35 a.m. - Full Time - Noida
Role Overview:
VAPT/WAPT is a hands-on, tech-oriented position. You will play a pivotal role within the Cyber Security Practice and work with delivery teams as well as network and infrastructure support teams.
· Embed security throughout the lifecycle of software delivery
· Building and defining Security Testing practices
· Play a consulting and advisory role to delivery teams and clients
Responsibilities:
· Work closely with Application Development & IT team and serve as a single point of contact for all security testing related activities
· Executing manual network, application penetration tests and security code reviews
· Analyse application security architecture and understand security threats
· Draw Data Flow Diagrams (DFD), prepare threat models, identify threats and suggest mitigation steps
· Design and execute security test cases
· Create and review security test reports and evidence
· Provide recommendations to clients in fixing vulnerabilities
· Develop frameworks and methodologies to evaluate security in new and emerging technologies, including mobile applications such as iOS, Android etc.
· Assist in building security testing competency
· Mentor and provide technical guidance to team members in executing test cases
· To define testing criteria for systems and applications.
· Write SOPs, SOWs
· Technical and Process reviews of the team output – represent the team reports to all stakeholders.
· To work with end clients to develop strategies and plans to enforce security requirements, and remediate identified risks / vulnerabilities.
· Bachelor’s Degree (or equivalent) or advanced degree highly desired.
· 5 - 7 years of Security Testing and Project Management Experience
· Good knowledge of network & application security vulnerabilities
· In-depth knowledge and experience with OWASP, SANS, CERT, WASC standards/frameworks for security testing and security code reviews. OSSTMM for network penetration testing
· Experience in manual and automated penetration testing tools and techniques. Should have experience in using tools like Burp, ZAP, Veracode, Fortify, WebInspect, Nmap etc.
· Experience in performing threat modelling and identifying attack vectors. Must be familiar with STRIDE and DREAD concepts.
· Must be able to handle tasks/activities with competing priorities
· Must be able to work independently & guide team
· Ability to handle multiple customers simultaneously from different industry verticals
· Ability to manage a diverse team and get them to deliver as expected
· Ability to handle team challenges and resolve conflicts
· Good verbal and written communication skills with the ability to talk to both business teams and technical teams
· Security certifications such as OSCP, CEH, ECSA, GPEN