Desired Skills and Experience
- Bachelor's degree in a related field (Business, Information Services, IT, Information Security, etc.); Master's preferred.
- 8 years of hands-on application penetration testing experience.
- A self-starter with strong organizational skills, including the ability to deliver with minimal supervision, and experienced in working in an onsite-offshore model.
- Expert knowledge of and hands-on experience with penetration testing tools such as Kali Linux, Burp Suite, Nessus, Metasploit, etc.
- Expert knowledge of existing and emerging threats, web security principles and attack vectors.
- Ability to author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options.
- Extensive knowledge of information and technology security management technologies, methods, standards, and processes as well as knowledge of compliance, legal, internal / external audit & regulatory requirements.
- Strong expertise with the Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
- Strong expertise in collaboration, facilitation and coordination with the business units for the mitigation of risks.
- Strong understanding of application design, DevOps, TCP/IP fundamentals, network protocols, system administration and network architectures.
- Experience and exposure to large organizational implementations of vulnerability management programs, with specific emphasis on application security, metrics development and reporting.
- Experience with programming in at least one of the following: Perl, Python, Ruby, Bash, C or C++, C#, or Java, including scripting and editing existing code.
- Knowledge of web frameworks such as Spring, Struts, Hibernate, ASP, JSP, etc. and APIs (JSON/REST/SOAP).
- Understanding of APIs (JSON/REST/SOAP).
- An aptitude for technical writing, including assessment reports, presentations and operating procedures.
- Strong problem-solving and project execution skills. Ability to handle changing priorities and drive difficult decisions.
- Ability to solve very complex security issues that span multiple components in an application infrastructure.
- Ability to lead and motivate the team to achieve tactical and strategic goals.
- Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST is desired.
- Professional security management certification, such as a CISSP, CISM, CEH, OSCP/E, GWAPT, GPEN, or GXPN certification(s) or other similar credentials, is desired.