Reporting Structure

Reports to Senior Manager – VAPT

Education

University degree in the field of computer science or IT.

Experience/ Qualification

• 5+ years of Information Security background is essential.

• Experience in evaluating the control environment through Ethical Hacking, Penetration Testing, Red Team assessments.

• Evaluation of security technologies to detect vulnerabilities

• A high level appreciation of Security Architecture and Infrastructure

• Should be familiar with the best practices of OWASP, SANS Institute, ISACA, GAO, FISCAM, NSA, NIST, Internet Engineering Task Force (IETF)

• Develop a framework to test compliance of applications / systems.

• Experience in project management

Industry

Information technology

Responsibilities

• Conduct internal / third-party Ethical Hacking / Vulnerability Assessment / Penetration Testing, Red Team assessment on business critical assets and processes

• Liaison with external ethical hacking / penetration testing for RBI projects

• Coordinate with security intelligence framework to obtain latest threats & vulnerabilities

• Prepare security effectiveness reports for management

• Testing the applications / systems for compliance to RBI / ReBIT Information Security practices

• Ensure new applications are inducted into Data centre after conducting pen testing / vulnerability assessment

• Prioritizing security vulnerabilities identified in ethical hacking, penetration testing and application / system testing based on business impact and update Security operations team for mitigating them

• Follow up on closure of these gaps and escalate when necessary

• Deciding the most relevant and applicable metrics for measuring security effectiveness and deciding on the requisite algorithms for their quantification

Certifications (Any two)

• CISM / CISA / CISSP

• CEH / OSCP / OSCE / GPEN

• ISO27001 LA / LI certification would be an added advantage