Lead consultant
Posted: Oct. 6, 2021, 5:51 p.m. - Full Time - Andheri - Mumbai
• Minimum 5-6 years of experience.
• Experience testing applications using Static & Dynamic Application Security Testing (SAST/DAST) techniques, manual processes, and automated tools.
• Experience testing applications using Static & Dynamic Mobile Application Security Testing (SAST/DAST) techniques, manual processes, and automated tools.
• Experience conducting Internal/External Network Vulnerability Assessments, Internal/External Network Penetration Testing, Segmentation Penetration Testing and other security-specific assessments.
• Experience working with Windows and UNIX-based environments (e.g. Linux, BSD, etc.).
• Knowledge of network protocols and general networking topics (e.g. TCP/IP, UDP, ICMP, DNS, routing, etc.).
• Coach and mentor a team and perform network penetration, web application testing, source code reviews, and threat analysis, as applicable, utilizing standard security tools, e.g., Burp Suite, Metasploit, sqlmap, Nmap, Nessus, Qualys, Nexpose, SoapUI, etc.
• Manage day-to-day interactions with clients and internal ControlCase team
• Display both breadth and depth of knowledge regarding functional and technical issues. Proactively seek guidance, clarification, and feedback.
• Keep leadership informed of progress and issues, and sustain a high level of drive, show enthusiasm, and have a positive attitude when coping with pressure at work.
• Manage client expectations and ensure customer success
• Ability to present complex, technical information to a variety of audiences, both technical and non-technical, in written and/or oral formats.
• Proficient in the use of word processing and spreadsheet-based toolsets
• Network Security Certifications such as CEH, OSCP, CISSP will be considered as an asset.
• Experience in leading and managing a team
• Organized and strong attention to detail
• Managing escalations from client and internal teams
• Manage and track team assignments
• Track quarterly, bi-annual and annual testing activities
• Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests for our global clients
• Review and define requirements for information security solutions
• Perform security reviews of application designs, source code, and deployments as required, covering all types of applications (web application, web services, mobile applications, thick-client applications)
• Participate in Security Assessments of networks, systems, and applications including Vulnerability remediation and management, Penetration testing, Sensitive data discovery testing, Segmentation testing.
• Work on improvements for provided security services, including the continuous enhancement of existing methodology material, and supporting assets
• Collects, consolidates, and analyses information required for the evaluation and administration of services rendered; produces reports to recommend processes and procedures to implement such requirements as required by ControlCase: ISO 27002, 17799, 5970 controls, C198, PIPEDA, Sarbanes-Oxley, PCI, etc.
Short notice period and immediate joiners preferred.