Information Security Manager

Manager

It's fun to work in a company where people truly BELIEVE in what they are doing!

We're committed to bringing passion and customer focus to the business.

Job description

• The purpose of this job role is to manage Information Security Internal & External Vulnerability Assessment, Penetration Testing, Application Security Assessment, Source code review follow up, Wireless PT,  security Assessment, Secure Configuration Review, Vulnerability management domains to enhance threat detection and mitigation capabilities. This role is additionally responsible for enhancing cyber assurance and appropriate regulatory reporting of cyber security aspects.
• Key Accountabilities
  Vulnerability management and Penetration Testing
  Application security
  Virtualization and container technologies (Docker, Kubernetes, OpenShift).
  API Security
  CI/CD assessment
  IS Related compliance and regulatory reporting

Job Duties & responsibilities:

Vulnerability Management:
Manage periodic internal and external VA scanning for Servers.
Analyze and report/present the vulnerabilities to multiple stakeholders for remediation and prioritization
Maintain intelligence network to discover any reported exploits, zero day vulnerabilities and its applicability.
Experience with tools such as Rapid7, Nessus, Metasploit, QualysGuard, etc.
Security Testing & Application Security:
Manage annual security testing program for the existing and new production systems.
Maintain tools and environment to support security testing, working with internal teams and consultants as required
Collaboratively work with Application Development / Security Mavens and guide them to follow the Security gates set in the Organization s SDL.
Manage and update Key Performance Indicators (KPI s) for the Application Security Assurance Program
Manage the application security threat modeling process and coordinate application threat models against the Organization s applications
Liaison with various internal teams (Application Development, IT Architecture, Corp. Procurement Services, Source Code Management, IT Asset Management) for Application security initiatives and automation efforts).
Manage new projects and initiatives related to application security as needs arise
Coordinate with ASAP team members to track internal audit and regulatory

assessments and address requests related to the Application Pentest, SAST ,DAST and SCR (Source code review)

Lead and execute mobile app security testing for Android and iOS platforms.

Perform both automated and manual penetration testing including:

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST)

Runtime instrumentation and analysis

Reverse engineer APKs/IPAs to identify vulnerabilities such as hardcoded secrets and logic flaws.

Identify and report security issues based on OWASP Mobile Top 10, insecure storage, transport layer issues, and platform-specific flaws.

Provides regular status updates on all assigned tasks and deliverables.
Maintains issue logs, tracks/follows up on problems.

Requirements
Overall 6+ years on experience in Information/Cyber Security
Experience in vulnerability management and application security for 7+ years

Education / Preferred Qualifications

Graduation: BE IT/Computers/Electronics, B.Sc - Computers, M.Sc - Computers

Certification like CISSP, CISM, SANS, OSCP/OSCE and CREST (Prefered)

Technical Competencies
VAPT - Rapid7, Nessus, Metasploit, QualysGuard, Burpsuite ,CI/CD tool etc.
Technical working knowledge (WAF, HIDS, IPS, Firewall, Networking

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

Not the right fit?  Let us know you're interested in a future opportunity by clicking Introduce Yourself in the top-right corner of the page or create an account to set up email alerts as new job postings become available that meet your interest!

Experience Level

Mid Level