Security analyst

Posted: Sept. 8, 2020, 2:09 p.m. - Full Time - Delhi ncr - remote available

Title: Security Analyst/Consultant

Location: Delhi NCR (Remote)

Availability: Immediate Joiner or within 4 weeks

We are looking to hire Security Analysts, Consultants who are passionate about security threats and vulnerabilities, understand how to break and defence the system from both the Application and network perspective. Automate the security testing for our clients and also passionate about open source tools.

Job Description:

  • Perform Vulnerability assessment and Application security testing and assessment for our clients and assist our clients in improving their security posture of their applications, network and Infrastructure.
  • Perform Secure configuration review and Configuration Hardening.
  • Perform Secure source Code review using Static analysis tools and manual approach.
  • Profile an application, identifying threats and exploit vulnerabilities in applications and network infrastructure.
  • Ability to analyse web-application, mobile application (iOS, Android) source code review, work flows.
  • Experience in performing VAPT, Application Security Testing using Manual Techniques and Automated tools.
  • Conduct Cloud Infrastructure & Container Security assessments, Docker, Kubernetes, AWS, Azure, GCP.
  • Conduct API Security testing and Micro services testing.
  • Strong organizational, team-work, multi-tasking, and time-management skills.
  • Keen to Learn & Research on emerging security topics and new attack vectors.
  • Act as front-line point of escalation on assigned client engagements, following up on open issues and acting as an escalation of contact for all customer issues.
  • Provide offsite and on-site consulting services to our customers.
  • Strong knowledge of OWASP, SANS top 25, NIST Framework.

Candidate Profile and Experience

You just have to be good at and, most importantly, love what you do. Here’s a list of qualities we’re looking for, but don’t think that you need them all:

  • Minimum 2-4 years of Security Consulting and Assessment Experience.
  • Vulnerability assessment, Penetration testing and code review.
  • Understanding security fundamentals and common vulnerabilities (e.g. OWASP Top Ten, SANS).
  • Scripting/programming skills desired (Python, Ruby, Java, JS, C++ etc.)
  • Working knowledge of tools such as Burp Suite Pro, Nessus, Qualys, Nmap.
  • Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
  • OSCP, CEH, CCNA, GWAPT, GPEN, GXPN certification is helpful but not necessity.
  • Relevant Information Security academic training is a definite bonus.
  • Experience of White box/Black box/Grey box testing.
  • Be an active member of the InfoSec team and contribute to achieving team goals as may be required.
  • Strong project management skills, including the ability to interact with our clients and security teams.
  • Excellent communication and presentation skills (written & verbal).
  • Bug Bounty track, participation & awards.

What do you gain?

  • Challenging, transparent and supportive work environment.
  • Opportunity to grow rapidly in your career along with the company’s growth.
  • Competitive compensation structure and benefits.