Reporting Structure |
Reports to Senior/Chief Manager – Cyber Security Risk Assessment and Advisory Services |
Education | - University bachelor's degree with specialisation in Computer Science/IT, or Engineering graduate/postgraduate in CS/EXTC/IT or allied branches
|
Experience/ Qualifications | - A minimum of 10-12 years of experience in cyber security, of which at least 8 years in security risk assessment of web and mobile applications, APIs, networks, infrastructure and platforms.
- In-depth understanding of global information/cyber security standards and bodies of knowledge such as OWASP, SANS and MITRE
- Familiarity with common attack vectors, exploits, and countermeasures
- Perform thorough security assessments of applications, APIs, mobile platforms, network and infrastructure, and AI-based products using industry best practices and standards
- Security risk assessment of AI-based software products
- Holistic approach to risk, with proficiency in security controls across people, process and technology
- Good understanding of security practices in application and microservices product development
- Ability to identify cyber security risks and threats arising from the overall environment, the application platform and third-party vendors.
- Should be proficient in identifying security control implementation gaps in software products and underlying infrastructure
- Excellent verbal and written communication skills are mandatory, with exposure to customer or stakeholder interaction.
- Strong analytical skills and attention to detail.
- Must be able to articulate risk observations in detail and in plain, understandable language, and explain the security risk observations and the rationale for severity ratings to the customer.
- Should be able to provide solutions and remediation for non-compliance observations to the development team and support closure.
- Ability to work independently and manage security assessment of multiple projects simultaneously
- Strong problem-solving abilities and the ability to prioritise tasks effectively
- Comfortable working in a fast-paced environment and able to adapt to changing priorities
Desirable: - 1-2 years of coding experience
- Familiarity with containerization technologies like Docker, OpenShift and Kubernetes
|
Industry experience preferred | Software & Application Development | BFSI | Product |
Role & Responsibilities | - Perform data flow and architecture reviews of applications and identify threats (threat modelling may be used)
- Review application documentation such as the SRS (software requirements specification), BCP (business continuity plan), HLD and LLD (high- and low-level design) and identify security control gaps against global standards (OWASP/MITRE/SANS)
- Prepare platform and application security assessment control checklists aligned with global standards and industry best practices.
- Identify process and technology risk in software, mobile applications, API and underlying infrastructure
- Apply knowledge of common attack vectors and exploits affecting web applications, APIs, mobile applications, network and infrastructure, and platforms.
- Develop threat models that account for the application context and the organisation's compensating controls
- Prepare risk reports and project tracking for risk observations and compliance.
- Provide recommendations and compensating controls to reduce the cyber security risk level
- Communicate effectively with project managers, application owners, customers and stakeholders.
- Advise management of critical issues that may affect overall project deliverables and the application's risk posture.
- Keep own knowledge current and transfer it to peers.
- Stay up to date on emerging threats, vulnerabilities, and trends in technology security and apply that knowledge to assessments and recommendations.
- Provide training and guidance to staff on security best practices and procedures.
|
Preferred Certifications | OSCP/ CRISC/ CISSP/ CSSLP |