Job Description:
- Adhering to best practices, and alignment with the Customer’s security requirements for project execution, documentation, and reporting
- Profiling Information assets, processing change requests, security help desk for external vendor reviews.
- Facilitate CIA rating by business/ IT for new applications/ major CRs on Asset Registers.
- Should review best practice guides for securing and hardening systems and network devices
- Evaluate third party applications & maintain a register/ repository of security evaluations of the third party service provider along with associated documents.
- Assist in formulating the Third Party Security Audit calendar to ensure comprehensive coverage of samples of all types.
- Monitor the closure of gaps identified in the third party security audit and additionally disseminate learning across the segment of Third Parties based on sample audit.
- Acquire and disseminate knowledge of latest security technology developments from tech blogs, Bulletin Boards, sites like NIST, SANS, etc
- Responsible for Project deliverables, team management and Project management.
- Contribute to practice development by creating reusable components and document key project-learning within the consulting practice
Desired Profile:
- Excellent analytical, communication, documentation and presentation skills.
- Candidate should have B.E, MS (Computer Science / E&C) with a good hold on the Java, .Net, PHP based web technologies or scripting in Perl/Ruby/Php/Python.
- Should posses sound understanding in information security fundamentals, systems security and controls such as ISO 27001
- Proven experience of penetration testing for web based application and use of backtrack based tools and other open source / commercial tools.
- Excellent project, time management and prioritization skills
- Interaction with multi-disciplinary teams for timely meeting of key project milestones and checkpoints
- Understanding of managed services business and the significance of SLAs SOPs, periodic reporting and escalation matrices
- Should posses sound knowledge of hardening, patch management, VA/PT
Learn more about our Security Verification Services.