Lead Consultant Information Security Risk Testing Full-time

at HSBC Software Development in Pune (Published at 19-06-2013)

Position Summary:

Provide thought leadership in the application security testing domain and increase the capability of the testing function. Provide expert consultation on application security risks to ensure the security of the company's custom applications and related implementations by identifying potential vulnerabilities and appropriate controls, guiding risk mitigation, and liaising directly with engineering and management teams, business owners, and global technical workgroups.

Principal Accountabilities:

• Coordinate tests and test resources, including scheduling across multiple locations and countries.
• Run evaluations of new security testing technologies and provide recommendations.
• Develop technical competitions and test lab exercises to enhance the testing capability
• Provide guidance on hacking techniques and insider and outsider threats
• Perform highly technical/analytical security assessments of custom web applications, mid-tier application services and backend mainframe applications, including manual penetration testing, source code and configuration review.
• Clearly and professionally document root cause and risk analysis of all findings and coach junior testers on the same
• Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks
• Code and demonstrate basic proof-of-concept exploits of vulnerabilities
• Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports.
• Advise on vulnerability remediation, control implementation and secure development practices
• Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications
• Ensure that company security policies are implemented, enforced, and enhanced when appropriate
• Participate in team discussions to formulate new or enhance existing processes and standards
• Adhere strictly to compliance and operational risk controls in accordance with company and regulatory standards, policies and practices; report control weaknesses, compliance breaches and operational loss events
• Monitor security industry information sources and keep abreast of events, research, and developments
• Other responsibilities as assigned

Knowledge, Skills & Abilities

Must have:
• Advanced understanding of Application Security concepts
• Proven hands-on experience in application security testing
• Strong, demonstrable aptitude for and interest in information security and application security

Other requirements
• Advanced knowledge of common web technologies, including browsers, HTTP, HTML and JavaScript
• Knowledge of Java programming, application design and common security issues
• Advanced knowledge of common security analysis tools and testing techniques
• Strong initiative, consensus-building and ability to collaborate directly with a variety of clients (business, development, compliance, etc.)
• Strong written communication (writing sample to be requested)
• Polished and professional verbal communication skills, experienced facilitator and briefer
• Ability to adapt and apply information to new scenarios and technologies

Preferred qualifications:
• Strong understanding of software development lifecycles
• Strong understanding of Java programming or other programming experience.
• Relevant professional certifications or working towards attainment: GCIH/GSEC, CISSP, CEH
• Knowledge of Unix-based platforms, application and network security technologies
• Knowledge of mainframe platform and development
• Strong understanding of web-based application architectures (Apache, J2EE, Portal)
• Strong understanding of SQL, LDAP, MQ and other application protocols
• Strong understanding of applied use of cryptography in application development

• 10+ years of information security experience.

Technical Security skills – Automated source code scanning, fuzzing and other more advanced web application testing tools, more advanced testing issues and techniques for web applications.
