Job title: Information Security Analyst
Experience: 3-8 Years
Notice period: Immediate to 15 days
Location: Pune
JD:
· As an Information Security Analyst, the candidate must focus on identifying and assessing vulnerabilities in software systems, networks and mobile-based applications.
· The major focus will be on Application Penetration Testing, followed by Network Penetration Testing and Mobile Security assessments.
· Experience working closely with Application Developers/Architects to track security defects to closure.
· The work involves Test Case Creation, Penetration Testing, Source Code Reviews, Report Creation and presentation to stakeholders, along with the operation and construction of tools to assist in these tasks.
· Actively contribute to the Vulnerability Management efforts of the organization via developer query resolution on vulnerabilities and defect tracking to closure.
· Well versed with OWASP Top Ten and WASC Threat Classifications
· Expertise in Vulnerability Assessment and Penetration Testing of Web Applications
· Business Logic based application testing
· Penetration testing of Mobile applications and websites.
· Exploitation of the issues found and presenting the resulting impact
· Source Code Reviews - Well versed in Java Secure Code Review
· Expertise in Automated Scanning using Checkmarx and Fortify
· Well versed with OWASP Code Review concepts & identifiers
· Familiar with popular tools:
· Application Proxy: Burp Suite, Paros, OWASP ZAP, Wireshark
· Vulnerability Scanners: IBM AppScan, HP WebInspect, Nessus, NTO Spider
· Exploit Toolkits: Metasploit, Exploit DB etc.
· Understanding of the nature and sources of security vulnerabilities, and how to identify and exploit them
· Strong expertise in security technologies and significant experience in information technology focusing on security-related vulnerabilities
· Good to have programming experience in Java, shell scripting, Perl, or Python
· Sound knowledge of the TCP/IP protocol stack, HTTP protocol, encoding standards, encryption technologies and development frameworks.
· Application Security Testing/Penetration Testing (Web based, Thick client, Web services, Mobile) - Must
· Network Security Testing/Penetration Testing (Network, OS, Databases etc.)
· Static Code Analysis/Secure Code Review - Must
· Security defect tracking and working closely with Developers to fix the issues
· Bachelor's or higher degree in Computer Science or equivalent experience