Position Title: Security Engineer
Department: Information Security
Reports to: Director – Security & Compliance
Location: Hyderabad


This role is critical in defining and maintaining the security framework in and around
information systems within the organization. The position requires a deep understanding of how
things work in the security industry, down to the granular details of attack patterns, design of
thwart systems, continuous monitoring etc. The central objective of this position is making
architectural changes to meet day-to-day changes in the information ecosystem: evaluating
functional changes for their security impact, using the best tools to figure out the latest
threats, and providing solutions to extreme challenges. This position also has ample scope for
growth in managing risk and compliance, not only in terms of experimenting with new
architectures for better security but also in making structural changes to information system
workflow, the way apps process information, the way information is secured at every level of
processing etc.

Summary of essential requirements

• 0-2 years of security testing experience using OWASP Top 10, SANS 25 and PCI standards as reference.
• Should have worked or trained exclusively on application and network penetration
• CEH certification is a must. However, candidates trained in CEH with the ability to demonstrate the
same can also apply.
• Well versed with tools used in the security testing industry such as Nmap, , w3af,
WebSecurity, Wireshark, Nessus, sqlmap and Metasploit etc. Expertise on 2 tools at every
layer is highly preferred.
• Very good understanding of OWASP Top 10 security issues
• Active involvement with the community in discussions related to risk strategies, attack
patterns and compliance is an essential trait.
• Work under defined SLAs for clients and deliver projects on time and within budget
• Ability to communicate technical impact and business risk using a risk-based approach
following an industry-standard threat-risk ranking model
• Keep oneself updated on the latest IT security news, exploits, hacks.
• Ability to:
a. Quickly analyse all false positive issues
b. Work individually and take responsibility for the entire security project
c. Interact with developers, communicate the issue and get the fix

Educational Qualifications & Skills

• Bachelor's or Master's degree
• Strong analytical skills to comprehend the above technical skills on how to make and
break foolproof security systems
• Passion for learning information security and acquiring new skills when required

The role involves handling the activities below as part of day-to-day work:
• Perform OWASP Top 10 vulnerability scans
• Perform PCI grade network and penetration testing before and after major system
• Plan and implement risk ranking according to Information Systems policy.
• Implement robust change control and configuration management policies across all
• Manage overall Incident Response processes.
• Participate in review of design level changes for assessing overall risk and compliance
• Proactively manage patching of updates across the ecosystem from risk and compliance.
• Manage periodic VAPT of key applications
• Understand and manage audit requirements of PCI DSS, SSAE 16 SOC1, SOC2 standards
• Work with the Security team to provide awareness and training to employees on security
aspects of information ecosystems
• Collaborate with the Infrastructure team on creating and implementing baselines for all
in-scope systems and components
• Bring innovation in overall processes for better management and improving efficiencies.
• Periodically review alerts, log files and VAPT reports, and take appropriate actions
• Work closely with the developer community in implementing security frameworks
• Manage endpoint security on firewalls and other systems.
• Proactively manage activities in the organization's security calendar.
• Engage with the community to learn the latest industry progress on the risk and compliance side.
• On-call support for weekend deployment of security changes.

