Job Description

Job Description

Job Description

Candidate must havestrong manual penetration experience, as well as API testing.

• Manage, modify and tweak the Application and database security scan profile as per the company\'s baseline standards.
• Perform security analysis of the different layers of the systems (application database layers) by performing manual testing and automated system vulnerability assessment scans using various web, application, operating systems and database vulnerability scanners (IBM AppScan and Guardium Database Scanner).
• Perform application security testing on both native and web based mobile applications on different mobile platforms (iOS).
• Review the security architecture of Fund systems and create security test plans based on existing and planned controls and recommendations.
• Review scanner reports and work with the application development community to remediate issues following a risk based approach.
• Work with DBA and application development teams, to discuss vulnerabilities through recommending and monitoring of remediation activities.
• Maintain detailed documentation of test procedures and findings in the Vulnerability management system.
• Perform manual vulnerability assessment and penetration testing of applications, produce report walk development team through issues.
• Continuously monitor the published vulnerabilities for various application, operating system and database layer.
• Analyze the impact of the vulnerabilities on the Fund\'s environment and accordingly publish the advisories to the different stakeholders in the Fund.
• Based on the publicly disclosed vulnerabilities determine the patching priority and notify the stakeholder.

Education and Certifications:

• Academic/professional training to at least a Bachelors Degree or its international equivalent, preferably in Computer Science, or Computer Engineering.
• Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC).
• Certified Secure Software Lifecycle Professional (CSSLP), and Information Systems Security Management Professional (ISSMP).

Job Tags

Similar Jobs