This job ad was posted over 30 days ago.



Information Security Engineer - with Application Security Level I (Full-time)

at Birlasoft Limited in Chennai (Published on 24-12-2014)

Experience: 3-5 years

Shift: Check the candidate's comfort with rotational shifts (1st shift 6 am-2 pm, 2 pm-10 pm and 10 pm-6 am)

Location: Chennai

Primary Skills:

• Academic/professional training to at least a Bachelor’s Degree or its international equivalent, preferably in Computer Science, or Computer Engineering (Mandatory);
• At least 3 years of practice as an Information Security Engineer (Mandatory);
• At least 1 year of hands-on testing of application security (Mandatory);
• Demonstrated knowledge of running web application testing tools (e.g., Cenzic Hailstorm / HP WebInspect), identifying vulnerabilities as per SANS 25 or OWASP Top 10 specifications and helping develop platform-specific remediation plans (Mandatory);
• Proven level of understanding of web application technologies (Java, .NET, Drupal) and database management systems (Oracle, MS SQL, etc.) and related security concepts (Mandatory);
• In-depth knowledge of common website vulnerabilities such as SQL injection, cross-site scripting, remote/local file inclusion, etc.; in-depth knowledge of common website exploit techniques such as character encoding, privilege escalation, directory traversal, etc. (Mandatory);
• Experience with testing ERP solutions (e.g., SAP and PeopleSoft) (Optional);
• Experience with security vulnerability evaluation of proposed implementations of COTS solutions and application middleware (including collaboration tools like Documentum, SharePoint, etc.) (Optional);
• Demonstrable skills in identifying and mitigating security weaknesses, and incorporating security into enterprise software development lifecycles (Optional);
• Proven level of understanding of Windows and UNIX operating systems and operation/configuration of common web servers such as IIS and Apache is a plus (Optional);
• Proven level of understanding of HTML, JavaScript, PHP, Java, C++, C# is a plus (Optional);
• Proven level of understanding of social collaboration, documentation or web content management platforms is a plus (Optional);
• Proven level of understanding of mobile application platforms is a plus (Optional);
• Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity and responsibility (Mandatory);
• Ability to be organized, responsive and to be able to effectively multi-task with a focus on driving results (Mandatory);
• Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), Certified Secure Software Lifecycle Professional (CSSLP), and Information Systems Security Management Professional (ISSMP) (Optional);
• Demonstrate excellent interpersonal skills, including the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers (Mandatory);
• Ability to collaborate with business stakeholders to identify requirements and drive compliance with approved standards (Mandatory).

• Review the security architecture evaluation of WBG new systems and create security test plans based on existing and planned controls and recommendations.
• Perform security analysis of the different layers of the systems (application, operating system and database layers) by performing manual testing and automated system vulnerability assessment scans using various web, application, operating system and database vulnerability scanners (Cenzic Hailstorm / HP WebInspect / NGSSQuirreL, Nessus).
• Review scanner reports and work with the application development community to remediate issues following a risk-based approach.
• Work with DBA, network operations and application development teams to discuss vulnerabilities, recommending and monitoring remediation activities.
• Maintain detailed documentation of test procedures and findings in the ITSSR ticketing system.
• Perform manual vulnerability assessment and penetration testing of applications, produce reports, and walk the development team through issues.
• Analyze existing and proposed processes and products and produce technical accreditation reports.
• Interface with scanning vendors and the development teams to prepare C&A requests, oversee vendor scanning, interpret results and discuss remediation recommendations with development teams.

Job Location: Chennai

Experience Level: 3+ years (Relevant)

Note: Applications have been closed.
