Information Security Consulting: strong web and/or mobile application development, coding and security skills. 5 years' experience in infrastructure, application development and AWS security.
He must perform security assessments of a wide variety of web applications, web services, mobile applications, and more. He should be ready to get started quickly and be eager to learn new skills.
Primary Job Duties
- Coordinating and conducting application security assessments, penetration tests and security code tests (web, mobile, web service, etc.). These assessments involve manual testing and analysis as well as the use of tools such as code review tools. We expect you to have experience doing similar assessments.
- Coordinating with SOC and third-party assessors and auditors to streamline operations and enhance security in TataSky
- Reviewing assessment results and consulting with the process owners on remediation options to close the findings.
- Retesting security vulnerabilities that have been fixed and republishing your report to indicate the results of your retesting.
- Leading other infra, AWS, Azure and application security related projects, such as helping process owners build security into their software development life cycles, performing application security design reviews, etc.
- Secure Application Development and Application Security Testing
- Assisting with security assessment and reporting methodology enhancements.
- Several years of experience developing web and/or mobile applications, preferably e-commerce, or business applications that face the Internet. (required)
- Knowledge of all protocols and how they work.
- Knowledge of AWS and Azure.
- Experience performing application security testing using manual techniques plus runtime vulnerability testing tools and/or code review tools.
- Experience with network/infrastructure-level penetration testing (nice to have, but not necessary)
- Implementing security programs initiated with TataSky
- Developing / reviewing / updating information security policies, procedures and guidelines on a periodic basis
- Coordinating and supporting incident handling and recovery (including disaster recovery) activities
- Responsible for security operations management, security implementation and scheduled auditing.
- To comply with the requirements of the standard and with relevant legislation or regulations;
- To comply with identified information security requirements;
- To ensure correct implementation and maintenance;
- To ensure operations run as planned.
- Developing an audit program that will take into account the status and importance of processes and of the locations to be audited, as well as the results of prior audits;
- Defining criteria, scope, frequency and methods for audits;
- Planning and initiation of audits, reviewing the records and preparing and issuing reports
Support and Perform the Audit work
- Performing the planned tasks
- Recording the evidence of performance
- Identifying where the auditor's performance is not satisfactory
- Identifying areas of improvement in the activity
- Provide training support to departmental personnel on information security aspects
Reviewing the work
- Confirm that conclusions are properly supported by evidence
- Confirm complete performance of the plan
Reporting and follow up
- Follow up (often in next audits)
- Amend overall audit programme as required and identify improvements in audit processes
- Ensure implementation/deployment of security standards/requirements as defined in Information Security Policy and Guidelines. These include system security updates/patches, application security standards, anti-virus updates etc. They will take the assistance of the system administrators for actual deployment.
- Provide feedback to the management on adequacy of the Corporate Information Security Policy and Guidelines for the division.
- Provide inputs to the management for specific information security needs of the division and the solutions requirements.
- Provide support and take required actions to manage incidents occurring in TataSky and escalate the same to the Security Manager / Incident Response Team.
- Provide training support to departmental personnel on information security aspects.
- Responsible for evaluating the products and providing guidelines to management for selecting the product.
- Responsible for closing the audit findings.
- Solid written and verbal communication skills.
- Willingness to do hands-on, highly technical work.
- Strong customer focus. The goal should be to make customers happy enough that they ask for you to be called back to do more work for them.
- Desire to learn new things and be a participant in the local information security community.
- Engineering Graduate - Computers/Security
- Five years' experience in security testing, coding, security assessments, ethical hacking, penetration tests, ISO27001 skills