Reporting Structure

Reports to Sr. Manager - Systems Audit

Education

Graduate in Computer Science or B. Tech or BCA

Industry

Information technology / Financial services

Experience

• 5 + years of experience in Audits and Risk assessment services of web and client based applications

• Must have experience in conducting risk assessment of business and support applications

• At least 2 years of experience in mobile applications assessment/audits in a medium to large enterprise

• Must have hands-on experience in evaluating OWASP security practices for applications

• Must have experience in Coding and application development

• Strong knowledge of programming languages for application and mobile

• Experience in carrying out code review and black/grey/white box testing is a plus

• Excellent written, oral communication and presentation skills

• Excellent organizational, communication and interpersonal skills

• Ability to work independently or as part of a team

Responsibility

• Developing project plans, work programs, evaluating system controls, documenting results, making recommendations, and communicating information to stakeholders

• Conduct Audit of the web, mobile and client based applications- internal and those exposed to the Internet

• Audit of application design components, User Access Control, Website communication, application layer, interfaces to databases etc

• Audit change management, patch management, incident management, backup management

• Audit the development practises (S-SDLC) and coding practises

• Develop and maintain audit checklist and documents

• Review the Vulnerability assessment and penetration test reports for effectiveness

• Research public domain to keep up to date knowledge on latest Application Security threats and vulnerabilities

Certifications

• MCSD

• Certification in Mobile application Security testing

• CISA

• Oracle certified, Java certifications