Associate Security Consultant

• Performs Vulnerability Assessment and Penetration Testing
• SME in Infrastructure and/or Application Security and provides consultative recommendations in discussions related to Vulnerability Assessment and Penetration Testing
• Uses manual testing techniques and methods to gain a better understanding of the applications/mobile app environment and reduce false negatives.
• Documents findings and recommendations, and present with stakeholders from technical team (Development, Infrastructure) and non-technical team (Operations, Management)

Qualification

• Has more than 3 years experience in Information Technology
• Specific 2-3 years experience in security testing (VAPT, Source Code Review, Configuration Review, Architecture Review, Controls Review) (Preferred)
• Strong knowledge in System & Network Infrastructure, API and Mobile Application Development (Preferred)
• In-depth knowledge of OWASP Top 10 and CVEs, and the ability to effectively communicate methodologies and techniques with development teams and operations
• Basic knowledge on information security standards and guidelines such ISO 27001/2, NIST, and CIS
• Hands-on experience with security testing tools such as Nessus, Burpsuite, Qualys and others
• Understanding of Cloud Compute, Storage, Security and Virtualization best practice
• Experience of working on Unix, Windows & Linux platform
• Has good communication skills to explain technical details with both technical team and non-technical team
• Has at least one of the following certifications:
• EC Council CEH or Mile2 CPEH (Preferred Primary)
• CompTIA Security +
• ISMS Lead Auditor or ISACA CISA
• Other certifications with ISC2, CompTIA, EC Council, OSCP, CREST or SANS