Reporting Structure

Reports to Senior Manager – VAPT

Education

• University degree in the field of computer science or IT.

Experience/ Qualifications

• 5+ years of Information Security background is essential.
• Experience in evaluating the control environment through Ethical Hacking, Penetration Testing, Red Team assessments.
• Evaluation of security technologies to detect vulnerabilities
• A high level appreciation of Security Architecture and Infrastructure
• Should be familiar with the best practices of OWASP, SANS Institute, ISACA, GAO, FISCAM, NSA, NIST, Internet Engineering Task Force (IETF)
• Develop a framework to test compliance of applications / systems.
• Experience in project management

Industry

• Information technology

Responsibilities

• Conduct  internal / third-party Ethical Hacking / Vulnerability Assessment / Penetration Testing, Red Team assessment on business critical assets and processes
• Liaison with external ethical hacking / penetration testing for RBI projects
• Coordinate with security intelligence framework to obtain latest threats & vulnerabilities
• Prepare security effectiveness reports for management
• Testing the applications / systems for compliance to RBI / ReBIT Information Security practices
• Ensure new applications are inducted into Data centre after conducting pen testing / vulnerability assessment
• Prioritizing security vulnerabilities identified in ethical hacking, penetration testing and application / system testing based on business impact and update Security operations team for mitigating them
• Follow up on closure of these gaps and escalate when necessary
• Deciding the most relevant and applicable metrics for measuring security effectiveness and deciding on the requisite algorithms for their quantification

Certifications (any two)

• CISM / CISA / CISSP
• CEH / OSCP / OSCE / GPEN
• ISO27001 LA / LI certification would be an added advantage