As an Information Security Analyst, the candidate must focus on identifying and assessing vulnerabilities in software systems, networks and mobile-based applications.
• The major focus will be on Application Penetration testing followed by Network Penetration Testing and Mobile Security assessments.
• Experience working closely with application developers/architects to track security defects to closure
• The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation & presentation to stakeholders along with operation and construction of tools to assist in these tasks.
• To actively contribute to the Vulnerability management efforts of the organization via developer query resolution on vulnerabilities and defect tracking to closure.
• Well versed with OWASP – Top Ten and WASC Threat Classifications
• Expertise in Vulnerability Assessment and Penetration Testing of Web Applications
• Business‐Logic based application testing
• Penetration testing of Mobile applications and websites.
• Exploitation of the issues found and presentation of the resulting impact
• Source Code Reviews - Well versed in Java Secure Code Review
• Expertise in automated scanning using Checkmarx and Fortify
• Well versed with OWASP Code Review concepts & identifiers
• Familiar with popular tools:
  • Application Proxy: Burp Suite, Paros, OWASP ZAP, Wireshark
  • Vulnerability Scanners: IBM AppScan, HP WebInspect, Nessus, NTO Spider
  • Exploit Toolkits: Metasploit, Exploit DB etc.
• Understanding of the nature and sources of security vulnerabilities, and how to identify and exploit them
• Strong expertise in security technologies and significant experience in information technology, focusing on security-related vulnerabilities
• Good to have programming experience in Java, shell scripting, Perl, or Python
• Sound knowledge of the TCP/IP protocol stack, the HTTP protocol, encoding standards, encryption technologies and development frameworks.
• Application Security Testing/Penetration Testing (Web based, Thick client, web services, Mobile) - Must
• Network Security Testing/Penetration Testing (Network, OS, Databases etc.)
• Static Code Analysis/ Secure Code Review - Must
• Security defect tracking and working closely with developers to fix the issues
• Bachelor's or higher degree in Computer Science or equivalent experience