Associate Team Lead - Cyber Security
Posted: May 12, 2022, 6:52 a.m. - Full Time - Remote
Security Brigade is looking for an Associate Team Lead - Cyber Security who will be involved in managing the team of junior security consultants, project reviews, delay tracking, and customer expectation management. They will be responsible for security assessments and penetration testing of application and enterprise environments as well as security research and development of security tools, processes, and testing methodologies.
Roles and Responsibilities
• Train and manage the team of consultants to perform web/mobile application security testing, vulnerability assessments, source code reviews, configuration reviews, cloud security, API security testing, Docker/Jenkins security.
• Perform advanced security assessments like red teaming, spear phishing simulation, Wi-Fi PT, incident response.
• Profile an application, identify threats, and develop test cases to target identified threats.
• Manage project timelines, deadlines and expectations, including customer interactions.
• Prepare reports documenting identified issues based on internal templates.
• Interact with customers in a collaborative, consultative manner to deliver results, provide feedback and remediation recommendations on findings.
• Research emerging security topics and new attack vectors.
• Write tools and scripts to automate technical processes and make audits more efficient.
• Act as a SPOC for major customers and manage the project deliveries.
• Ability to lead and manage a team of 2-3 people. Prior team management experience is a plus.
• Attend pre-sales calls to explain the services to end customers and recommend the best services according to their requirements.
• In-depth understanding of security issues, exploitation techniques and remediation measures.
• Ability to follow an in-depth manual testing process, experience in exploiting AD, Cloud (AWS, Azure, etc.).
• Development knowledge of any current programming languages.
• Developing automation scripts in Bash, Python, Perl, etc. to reduce/automate work.
• Strong understanding of application and network security.
• Strong oral and written communication skills.
• Involvement in software community via OWASP, Null, and/or open source development is highly desirable.
• Track record speaking at major security conferences such as OWASP Appsec, SANS Appsec, Blackhat, and Nullcon is highly desirable.
• Good understanding of latest tools like Burp Proxy, Acunetix, SQLmap, Nmap, Nessus.
• Experience with Network Architecture Review and Firewall Rule-base Audit.
• Experience with Source Code Review and Application Architecture Review will be a plus.
• Ability to work on multiple complex assignments simultaneously.
• Proven ability to excel and innovate.
Good To Have
• Knowledge or experience of Bug Bounty / Open Source
• Experience in Customer Management and Team Management
• Certification CEH|OSCP
Desired Candidate Profile
TLDR - Passion > Education
We don't require a B Tech or BSc degree, but plenty of the team has them. We always look at capabilities and experience first. Candidates with published advisories, tools, research papers, or generally anything that can demonstrate you know your stuff when it comes to web and mobile applications will be preferred.
About Security Brigade
Security Brigade is a pure-play information security consulting firm specializing in manual testing. Founded on the core belief that "Great audits are done by great auditors - not expensive tools", Security Brigade's approach is built around strong processes that enable auditors to conduct in-depth manual security audits.
Security Brigade is based out of Mumbai, India and was founded in December 2006. It conducts thousands of audits a year for organizations such as: MakeMyTrip, Network 18, Tata Group, HDFC, Vodafone, IRDA, Reliance Money, Netmagic Solutions among many others.
For more information, visit www.securitybrigade.com
Security Brigade is a CERT-In empanelled firm founded on the core belief that "Great audits are done by great auditors - not expensive tools". Our proprietary E.D.I.T.E platform provides a workflow-based testing engine that encapsulates the complete audit process. It allows expert auditors to focus on in-depth manual testing while assisted by a combination of proprietary, open-source and commercial technology.