Job Title: Information Security Analyst
Experience: 3 to 8 years
Notice period: Immediate to 15 days
Location: Pune
JD:
· As an Information Security Analyst, the candidate must focus on identifying and assessing vulnerabilities in software systems, networks and mobile-based applications.
· The major focus will be on Application Penetration Testing, followed by Network Penetration Testing and Mobile Security assessments.
· Experience working closely with application developers/architects to track security defects to closure.
· The work involves test case creation, penetration testing, source code reviews, report creation and presentation to stakeholders, along with operation and construction of tools to assist in these tasks.
· Actively contribute to the organization's vulnerability management efforts via developer query resolution on vulnerabilities and defect tracking to closure.
· Well versed with OWASP Top Ten and WASC Threat Classifications
· Expertise in Vulnerability Assessment and Penetration Testing of Web Applications
· Business-logic-based application testing
· Penetration testing of mobile applications and websites
· Exploitation of the issues found and presenting the resulting impact
· Source Code Reviews - Well versed in Java Secure Code Review
· Expertise in Automated Scanning using Checkmarx and Fortify
· Well versed with OWASP Code Review concepts & identifiers
· Familiar with popular tools:
  · Application Proxy: Burp Suite, Paros, OWASP ZAP, Wireshark
  · Vulnerability Scanners: IBM AppScan, HP WebInspect, Nessus, NTO Spider
  · Exploit Toolkits: Metasploit, Exploit DB etc.
Requirements:
· Understanding of the nature and sources of security vulnerabilities, and how to identify and exploit them
· Strong expertise in security technologies and significant experience in information technology focusing on security-related vulnerabilities
· Good to have programming experience in Java, shell scripting, Perl, or Python
· Sound knowledge of the TCP/IP protocol stack, HTTP protocol, encoding standards, encryption technologies and development frameworks
· Application Security Testing/Penetration Testing (web based, thick client, web services, mobile) - Must
· Network Security Testing/Penetration Testing (Network, OS, Databases etc.)
· Static Code Analysis/Secure Code Review - Must
· Security defect tracking and working closely with developers to fix the issues
· Bachelor's or higher degree in Computer Science or equivalent experience