This job ad has been posted over 30 days ago...



Information Security Officer (Application & Mobile Security) Full-time

at Cox & Kings in Mumbai (Published at 28-07-2014)

Information Security Officer (Application & Mobile Security) X 1
Net Experience in Application Development & Information Security –
Application Development or related experience, 5-6 Years
Application & Mobile Security experience, at least 3-4 Years

Education Background –
The candidate should ideally have a PG degree in Technology. Acceptable candidates will be B.E., B.Sc (IT / Comp Sc) or B.Tech from recognized universities. We would not consider candidates who have attained their qualifications from open universities or by distance learning.
Technical / Professional certifications –
CEH, LPT, CISA, CISSP, CISM, ISO 27001 (LA or LI). All certifications are not mandatory; they will, however, be advantageous.

Well aware of OWASP software testing methodology, WASC Threat Classification & OWASP Application Security Verification Standard (ASVS)
Hands-on experience with software testing tools and scanners.
Excellent understanding of Software maturity models like CMMi, SAMM & BSIMM.
Good knowledge of IT infrastructure elements like networks, servers, virtualization and messaging platforms.

Experience from previous engagements –
The candidate should have solid hands-on experience in application development. Should have been involved hands-on (not just overseeing or supervising) in at least 2 entire end-to-end SDLCs.
The ideal candidate will provide subject matter expertise in application security assessments & management. Perform internal verification of critical applications that protect life and safety, critical infrastructure, or defense functions according to OWASP ASVS verification requirements.
Define web application security architectures by grouping application components into a high-level architecture (for example MVC controller components, business function components, and data layer components), including defining the relationships between components and groups of components.
Analyze multiple instances of vulnerability patterns that can be traced to single root causes that can be combined into a single risk. Perform design verification of applications that handle significant business-to-business transactions, including those that process financial, private & personal information.
Ensure that security controls themselves are working correctly, and that security controls are used everywhere within the application that they need to be used to enforce application-specific policies.
Ensure that secure coding practices were followed. Create verification reports that detail the web application security architecture, and the results of the verification according to the defined corporate reporting requirements.
Detailed understanding of Policy/procedure drafting, control auditing & information gathering.
The candidate should be well versed with industry standard risk assessment processes and procedures.
Should have good vendor management skills.
Should have a basic understanding of international compliance standards like PCI, SoX & SAS 70.

Mobile Application Security –
Should have worked on at least 3-4 mobile application assessment / development projects.
Should have knowledge of performing vulnerability assessments, penetration tests and performing architecture reviews of mobile applications.
Understand iOS, Android and Blackberry development platforms.
Should be able to operate without proprietary tools and utilize open-source tools to the maximum extent.

Soft skills –
The candidate will need to have excellent communication skills, as he will be required to interact on a routine basis with multiple stakeholders. The candidate should be clear & precise, in both written & verbal communication.
The candidate will be required to create and manage a lot of documentation. The candidate should be well organized and disciplined.
Should be well read & should keep abreast of the latest Information Security & privacy legislations, changes in laws, advisories & vulnerabilities.
Big4 candidates will be given preference. Candidates with strong consulting experience preferred.
Should be able to conduct trainings or interactive sessions in small groups.

Note: Applications have been closed.
