| Responsibility: |
This role provides technical consulting to management, business users, security teams, and technical associates to assure that IT applications and infrastructure is secure.
- Experience in performing IT Security reviews including third party/vendor reviews, Vulnerability Assessment, Penetration testing & Secure code reviews
- Hands on experience in security systems, including firewalls, intrusion detection systems, identity and access management, antivirus software, authentication systems, log management/Security operations center (SOC), content filtering etc
- Provide clarity and direction on organizations Information Security Strategy to senior Management.
- Excellent knowledge of Information Security technologies and methodologies particularly, including for example web server security / firewalls / networks / encryption / PKI / TCP/IP / UNIX / Windows etc.
- Review & recommend appropriate enhancements and interventions to continuously improve the existing processes and policies
- Maintain & exceed level of Information Security governance as expected by the management.
- Strong understanding of key network and technical security controls
- Experience of information security standards ( desirable) such as: ISO 27001, ISO 22301, PCI DSS, ITIL, COBIT
- Certifications (desirable): CISA, CISSP, PMP, ITIL, CEH, COBIT, ISO 27001
- Proactively evaluate product ecosystem to determine potential short- and long-term security vulnerabilities.
- Should be able to visualize how to play both offence and defence in cybersecurity, and offer resolution advice for identified vulnerabilities.
- Should be able to drill down to specific reported vulnerabilities as well as have a holistic view of the impact of the vulnerabilities.
- Understand the threat model and perform security architecture reviews.
- Hands-on experience in computer forensics, analysing network exploits, hacking of any device and penetration testing. (Should have done any of the above in a real system)
- Experience using Vulnerability and Penetration test tools is highly desired. ( e.g. Nmap, Nessus, w3af, etc.)
- Experience using Fuzz tools to model different attack patterns is highly desired (e.g. Metasploit, etc.)
- Should have a pulse on the latest trends and best practices in cybersecurity attacks.
- Familiarity with Security Standards and groups (OWASP, WASC, FISMA, CVE, NCERT, etc.)
- Experience with multiple platforms ( e.g. Windows Server, Kali/Backtrack Linux, Embedded systems, Android, Cloud systems, etc.) and languages (e.g. C, C++, Java, Python, etc.) highly desirable.
- Experience and good understanding of networking protocols TCP/IP, UDP , SSL, XML, etc.
- Fair understanding of network security and cryptography fundamentals, with some hands-on experience using crypto libraries and APIs (e.g. Openssl, Keystore, etc.)
- Strong understanding of Denial of service, replay attacks, masquerading attacks, man-in-the-middle attacks and other cybersecurity issues.
- Experience with S/W vulnerability analysis and knowledge of best practices for secure S/W programming.
- Strong understanding of SDLC and experience using related tools for Defect tracking, Source Control, IDEs,
- Excellent written & oral communication skills.
|
