This job ad was posted over 30 days ago.



Information Security Officer (Application Security) Full-time

at Cox & Kings in Mumbai (Published on 23-05-2012)

Information Security Officer (Application Security) X 1

Net Experience in Application Development & Information Security –

Application Development, 4-5 Years

Information Security, at least 2-3 Years

Education Background –

The candidate should ideally hold a PG degree in Technology. Acceptable candidates will hold a B.E., B.Sc (IT / Comp Sc) or B.Tech from a recognized university. We would not consider candidates who have attained their qualifications from open universities or by distance learning.

Technical / Professional certifications –

CEH, LPT, CISA, CISSP, CISM, ISO 27001 (LA or LI). These certifications are not mandatory; however, they will be advantageous.

Well aware of OWASP software testing methodology & OWASP Application Security Verification Standard (ASVS)

Hands-on experience with software testing tools and scanners.

Excellent understanding of software maturity models like CMMI, SAMM & BSIMM.

Experience from previous engagements –

The candidate should have solid hands-on experience in application development. Should have been involved hands-on (not just overseeing or supervising) in at least 2 entire end-to-end SDLCs.

The ideal candidate will provide subject matter expertise in application security assessments & management.

Perform internal verification of critical applications that protect life and safety, critical infrastructure, or defense functions according to OWASP ASVS verification requirements.

Define web application security architectures by grouping application components into a high-level architecture (for example MVC controller components, business function components, and data layer components), including defining the relationships between components and groups of components.

Analyze multiple instances of vulnerability patterns that can be traced to a single root cause, so that they can be combined into a single risk.

Perform design verification of applications that handle significant business-to-business transactions, including those that process financial, private & personal information.

Ensure that security controls themselves are working correctly, and that security controls are used everywhere within the application that they need to be used to enforce application-specific policies.

Ensure that secure coding practices were followed. Create verification reports that detail the web application security architecture, and the results of the verification according to the defined corporate reporting requirements.

Detailed understanding of Policy/procedure drafting, control auditing & information gathering.

The candidate should be well versed with industry standard risk assessment processes and procedures.

Should have good vendor management skills.

Should have a basic understanding of international compliance standards like PCI, SoX & SAS 70.

Soft skills –

The candidate will need to have excellent communication skills, as he will be required to interact on a routine basis with multiple stakeholders. The candidate should be clear & precise, in both written & verbal communication.

The candidate will be required to create and manage a lot of documentation. The candidate should be well organized and disciplined.

Should be well read and keep abreast of the latest information security & privacy legislation, changes in laws, advisories & vulnerabilities.

Should be able to conduct trainings or interactive sessions in small groups.

- Dhananjay Rokde

Note: Applications have been closed.
