Manager – VAPT

Mumbai, India

Reporting Structure

Reports to Senior Manager – VAPT

Education

University degree in the field of computer science or IT.

Experience / Qualification

  • 5+ years of Information Security background is essential.

  • Experience in evaluating the control environment through Ethical Hacking, Penetration Testing and Red Team assessments.

  • Evaluation of security technologies to detect vulnerabilities

  • A high-level appreciation of Security Architecture and Infrastructure

  • Should be familiar with the best practices of OWASP, SANS Institute, ISACA, GAO, FISCAM, NSA, NIST, Internet Engineering Task Force (IETF)

  • Develop a framework to test compliance of applications / systems.

  • Experience in project management

Industry

Information technology

Responsibilities

  • Conduct internal / third-party Ethical Hacking / Vulnerability Assessment / Penetration Testing and Red Team assessments on business-critical assets and processes

  • Liaise with external ethical hacking / penetration testing for RBI projects

  • Coordinate with security intelligence framework to obtain the latest threats & vulnerabilities

  • Prepare security effectiveness reports for management

  • Test applications / systems for compliance with RBI / ReBIT Information Security practices

  • Ensure new applications are inducted into the Data centre after conducting pen testing / vulnerability assessment

  • Prioritize security vulnerabilities identified in ethical hacking, penetration testing and application / system testing based on business impact, and update the Security operations team for mitigating them

  • Follow up on closure of these gaps and escalate when necessary

  • Decide the most relevant and applicable metrics for measuring security effectiveness and the requisite algorithms for their quantification

Certifications (Any two)

  • CISM / CISA / CISSP

  • CEH / OSCP / OSCE / GPEN

  • ISO27001 LA / LI certification would be an added advantage