1) Excellent analytical, communication, documentation and presentation skills.
2) Candidate should have B.E, MS (Computer Science / E&C) with a good hold on the Java, .Net, PHP based web technologies or scripting in Perl/Ruby/Php/Python.
3) Should possess sound understanding in information security fundamentals, systems security and controls such as ISO 27001
4) Proven experience of penetration testing for web-based application and use of backtrack based tools and other open sources/ commercial tools.
5) Excellent project, time management and prioritization skills
6) Interaction with multi-disciplinary teams for a timely meeting of key project milestones and checkpoints
7) Understanding of managed services business and the significance of SLAs SOPs, periodic reporting and escalation matrices
8) Should possess sound knowledge of hardening, patch management, VA/PT
1) Adhering to best practices, and alignment with the Customer’s security requirements for project execution, documentation, and reporting
2) Profiling Information assets, processing change requests, security help desk for external vendor reviews.
3) Facilitate CIA rating by business/ IT for new applications/ major CRs on Asset Registers.
4) Should review best practice guides for securing and hardening systems and network devices
5) Evaluate third-party applications & maintain a register/ repository of security evaluations of the third party service provider along with associated documents.
6) Assist in formulating the Third Party Security Audit calendar to ensure comprehensive coverage of samples of all types.
7) Monitor the closure of gaps identified in the third-party security audit and additionally disseminate learning across the segment of Third Parties based on sample audit.
8) Acquire and disseminate knowledge of the latest security technology developments from tech blogs, Bulletin Boards, sites like NIST, SANS, etc
9) Responsible for Project deliverables, team management and Project management.
10) Contribute to practice development by creating reusable components and document key project-learning within the consulting practice.