Job description
Key Responsibilities:
Applications Security Testing:
Perform security testing of the security functionality of applications (web/mobile) and their resilience to attacks.
Perform application (web/mobile) security testing to identify potential flaws in code, provide recommendations for vulnerability mitigation and ensure those recommendations are applied.
Perform application (web/mobile) testing under all transparency conditions (black-box through white-box), including code reviews and reverse engineering.
Recognize security implications in the software acceptance phase, including completion criteria, risk acceptance and documentation, Common Criteria, and methods of independent testing.
Translate security requirements into application design elements, including documenting the elements of the software attack surface, conducting threat modeling, and defining any specific security criteria.
Perform penetration testing as required for new or updated applications.
Recommend and ensure the implementation of defensive functions (e.g., encryption, access control, and identity management) to reduce opportunities to exploit applications.
Recommend and ensure the implementation of countermeasures and mitigations against potential exploitation of programming language weaknesses and vulnerabilities in applications and their components.
Vulnerability Assessment and Penetration Testing Management:
Conduct and/or support authorized internal/external penetration testing and vulnerability assessment of DSG network/infrastructure assets.
Maintain a deployable computer network defense (CND) audit/assessment toolkit (e.g., specialized CND software/hardware) to support CND audit/assessment missions.
Prepare audit/assessment reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, and supporting infrastructure).
Assist with the selection of security controls (e.g., protection of information, systems, and processes) to mitigate risks discovered during the assessments.
Security Testing Management and Training:
Organize and perform social engineering, physical and red team testing engagements.
Scope security-testing requirements for both internal- and external-facing applications with external testing providers, whenever required.
Develop the required reports presenting the results of testing and retesting, tailored to the recipient of each report.
Develop an organization-wide security testing methodology and process and ensure that it is followed.
Develop periodic high-level reports reflecting trends in the results of the security assessments performed and their nature.
Coordinate with the teams responsible for the systems in scope on the closure of testing findings and follow up to ensure they are closed.
Mentor, transfer knowledge to, and train junior-level security testers on all security testing principles, methods and tools.
Technical Competencies:
Vulnerability Assessment:
Skill in conducting vulnerability scans and recognizing vulnerabilities in applications and systems.
Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] injection and other injections, race conditions, covert channels, replay, return-oriented attacks, malicious code).
Knowledge of penetration testing principles, tools, and techniques (e.g., Metasploit, Neosploit).
Skill in designing countermeasures to identified security risks.
Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
Skill in the use of penetration testing tools and techniques.
Skill in using network analysis tools to identify vulnerabilities.
Computer Languages:
Knowledge of low-level computer languages (e.g., assembly languages).
Knowledge of secure coding techniques.
Knowledge of programming language structures and logic.
Knowledge of interpreted and compiled computer languages.
Information Systems/Network Security:
Knowledge of what constitutes a network attack and its relationship to both threats and vulnerabilities.
Knowledge of software-related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization).
Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Years of Experience Required:
Overall 5+ years' experience working in a large-scale IT environment with a focus on Information Security.
Minimum 4 years' experience in Security Testing.
Minimum 3 years' experience in IT Security.
Suggested Certifications:
ISC2 Certified Information Systems Security Professional (CISSP)
SANS certifications
CEH
Education:
Master's or Bachelor's degree, or 3 years of college courses, in either Computer Science or Information Technology.
Click on THIS link to apply.