This job ad has been posted over 30 days ago...

37

applicants

Sr . Security Engineer Full-time

at HighRadius Technologies in Hyderabad (Published at 08-12-2015)

JOB DESCRIPTION
________________________________________
Position Title: Sr Security Engineer
Department: Information Security
Reports to: Manager – Security & Audits
Location: Hyderabad
________________________________________
POSITION SUMMARY
This role is very important and critical in defining and maintain security framework in and around information systems within the organization. The position requires deep understanding of how things in security industry with extreme granular details of attack patterns, design of thwart systems, continuous monitoring etc. Making architectural changes to meet day to day changes in information eco-system in terms of evaluating functional changes from security impact aspect, using best tools in figuring out latest threats, providing solution to extreme challenged, is the central objective of this position. It is matter of interest that this position has ample scope for growth in managing Risk & compliance, not only in terms of experimenting new architectures for better security but also, making structural changes to information system workflow, the way apps process information, the way information is secured at every level of processing etc.'

Summary of essential requirements

• Atleast 4-7 years of relevant/specific extensive experience VAPT of Webapps and Enterprise networks.

• Atleast 2 years on Security testing using OWASP TOP 10, OSTMM, SANS 25, PCI standards as reference in Web Applications Security Assessments.

• Takes ownership of tasks and drives tasks through to completion

• Certification to CEH/OSCP/ECSA is a must. However, trained professionals with ability to demonstrate the same, can also apply.

• Strong functional knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering)Strong analytical skills and efficient problem solving.

• Well versed with tools used in Security testing industry such as Burrp, Nmap, Metaspolit, w3af, WebSecurity, WireShark, Nessus, sqlmap, Layer-2 tools etc. Expertise on 2 tools at every layer is must.

• Should have trained/proven expertise in any one of the security frameworks/audit-systems:-
o PCI DSS 3.x
o ISO27001

• Active involvement with community in discussions related to risk strategies, attack patterns, compliance is an essential trait.


Educational Qualifications & Skills

 Bachelor's or Master’s Degree (preferably from a top reputed university)

 Strong analytical skills to comprehend above technical skills on how to make and break foolproof security systems

Would be handling below activities as part of day to day work:

• Conduct security reviews of products, applications and infrastructures. Exploit security flaws and vulnerabilities with attack simulations on multiple projects .

• Plan, Design and execute Internal and External penetration testing, perform security reviews of application covering all types of platforms (Native Windows, Mac & Linux application, web application, web services, mobile applications, SaaS etc.)

• Develop and implement information security policies and procedures.

• Evaluate new products, methods, & technologies to protect against existing & emerging security threats.
• Conduct External and Internal vulnerability assessment and penetration testing, R&D on testing tools, techniques, and process improvements.

• Work closely with cross-functional organizations, project teams and clients to develop project schedules, execute test plans and cases and deliver high quality products.

• Recommend solutions for the vulnerabilities / security issues discovered at the time of penetration testing. Should prioritize and manage multiple tasks.

• Manage overall Incident Response processes for internal & external Incidents.

• Proactively manage activities in Security calendar of organization

• On-call support for weekend deployment of security changes.

• Bring innovation in overall processes for better management and improving efficiencies.

• Understand and manage audit requirements of PCI DSS, SSAE 16 SOC1, SOC2 standards

• Work with Security team to provide awareness and training to employees on security aspects in Information eco systems

• Execute & Manage end-point security on firewalls and other systems, proof-of-concepts etc.

• Engage with Industry and community in learning latest industry progress on risk and compliance side.
• Periodic review of alerts, log files, VA PT reports and take appropriate actions

• Assist customers and internal teams in defining and responding to RFPs / RFIs.

Note: Applications have been closed.


Recent jobs at HighRadius Technologies


Viewed: 1177 times
« Go back to category
Is this job ad fake? Report it!   
Recommend to a friend