Job Details

Job Position: Senior Manager - Technology - Application Security
 
Job Description: Designing an Application Security Framework and Secure Development Lifecycle for web-based, non-web-based, mobile and robotics platforms.
•Define security guidelines and controls to enforce security on web-based applications using Threat Modeling, Threat Profiling, OWASP Top Ten Testing, Black Box Testing, and Source Code Reviews.
•Facilitate external VA/PT audits, Application Security Audits, customer audits, and actively project-manage the remediation of audit findings.
•Respond to Client RFPs and Questionnaires on Security and manage key client audits.
Role Responsibilities
•Maturity of Secure Development of Applications (SDLC process)
•Secure Software Requirements - capturing security requirements in the requirements gathering phase
•Secure Software Design - translating security requirements into application design elements
•Secure Software Implementation/Coding - unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
•Secure Software Testing - integrated QA testing for security functionality and resiliency to attack
•Software Acceptance - security implications in the software acceptance phase
•Software Deployment, Operations, Maintenance and Disposal - security issues around steady state operations and management of software
•Compliance to Information Security policies, standards and processes
•Client relationship management (facilitate external audits, PCI DSS, ISO 27001, customer audits)
•Performing security testing of web applications, networks and source code reviews using a risk-based approach
•Conducting VAPT, Source code audits, Infrastructure reviews
•Conducting security assessments on a wide variety of business applications in the areas of E-commerce, Finance, Insurance, Utilities, Transportation, etc.
•Performing Application Threat Modeling and Threat Profiling based on hackers' areas of interest.
•Performing source code reviews of multiple critical applications on different platforms and technologies.
•Knowledgeable in Platforms
•Secure J2EE Programming
•Secure .NET Programming
•Secure PHP Programming
•Programming languages: Java, Perl, SQL, C and C++
•Conducting configuration audits of multiple platforms including Windows, Linux, AIX, Solaris, Oracle and MSSQL databases, Apache and IIS web servers, Cisco IOS, Cisco Pix Firewall, DHCP Server, Microsoft Exchange Server, etc.
•Analyzing security of the network and wireless infrastructure.
•Performing external as well as internal penetration testing of Internet-facing servers using tools like Burp Suite, Nmap, Nessus and Metasploit, and performing black box and grey box testing on internally hosted web applications.
•Performing vulnerability assessments on Windows 2003, 2008 R2, Domain Controllers, Linux, Oracle and SQL database servers.
•Auditing the firewall rule base of multiple firewalls including but not limited to Fortigate, Checkpoint, Cisco Juniper, Microsoft ASA, Microsoft TMG, etc.
•Conducting trainings and awareness sessions in the domain of web application security and secure coding practices.

Qualification
•Minimum Graduation.
•One or more of the following certifications are desirable: CSSLP, CISSP, CEH, SANS (GWEB), OSCP

Experience
•Total Experience: 8-10 years

Skills
•Strong domain understanding of offshore technology sectors and/or business operations
•Capable of managing project tasks individually and as a team
•Ability to document and explain technical details in a concise & understandable manner
•Excellent client relationship management skills
•Excellent oral and written communication skills
•Excellent Presentation & Public speaking skills
•Other duties as assigned
 
Company Name: Client of Symmetrical.
 
Location: Noida
 
Job Code: HR/SGS/1096
 
Experience: 8
 
Job Salary:
 
Last Date To Apply: 24-09-2017
 
Posted on: 8-09-2017