Job
Description
You will be responsible for conducting internal / third-party Ethical Hacking, Vulnerability Assessment, Penetration Testing, and Red Team assessments on business-critical assets and processes. Additionally, you will liaise with external ethical hacking / penetration testing teams for RBI projects and coordinate with the security intelligence framework to stay updated on the latest threats & vulnerabilities. Your role will involve preparing security effectiveness reports for management and testing applications / systems for compliance with RBI / ReBIT Information Security practices. You will also be tasked with ensuring that new applications are inducted into the Data centre only after conducting pen testing / vulnerability assessment. Prioritizing security vulnerabilities identified in ethical hacking, penetration testing, and application / system testing based on business impact and updating the Security operations team for mitigation will also be part of your responsibilities. Furthermore, you will be required to decide on the most relevant and applicable metrics for measuring security effectiveness and selecting the appropriate algorithms for their quantification. If necessary, you will follow up on the closure of identified gaps and escalate as needed. Qualifications required for this role include a University degree in computer science or IT, along with 8+ years of Information Security experience. You should have at least 5+ years of experience in Penetration testing, Red teaming, and vulnerability assessment. Practical experience in evaluating the control environment through Ethical Hacking, Penetration Testing, and Red Team assessments is essential. Hands-on experience with black-box, grey-box penetration testing on platforms such as .Net, Java, as well as mobile testing on Android and iOS, is necessary. A high-level understanding of Security Architecture and Infrastructure, familiarity with best practices of OWASP, SANS Institute, ISACA, GAO, FISCAM, NSA, NIST, and Internet Engineering Task Force (IETF), and experience in project management are also required. Additionally, you should have the ability to develop a framework to test compliance of applications / systems. The company operates in the information technology industry and the job type is full-time. The work location is in person. Certifications required for this role are any two of the following: CISSP, CEH, OSCP, OSCE, GPEN. You will be responsible for conducting internal / third-party Ethical Hacking, Vulnerability Assessment, Penetration Testing, and Red Team assessments on business-critical assets and processes. Additionally, you will liaise with external ethical hacking / penetration testing teams for RBI projects and coordinate with the security intelligence framework to stay updated on the latest threats & vulnerabilities. Your role will involve preparing security effectiveness reports for management and testing applications / systems for compliance with RBI / ReBIT Information Security practices. You will also be tasked with ensuring that new applications are inducted into the Data centre only after conducting pen testing / vulnerability assessment. Prioritizing security vulnerabilities identified in ethical hacking, penetration testing, and application / system testing based on business impact and updating the Security operations team for mitigation will also be part of your responsibilities. Furthermore, you will be required to decide on the most relevant and applicable metrics for measuring security effectiveness and selecting the appropriate algorithms for their quantification. If necessary, you will follow up on the closure of identified gaps and escalate as needed. Qualifications required for this role include a University degree in computer science or IT, along with 8+ years of Information Security experience. You should have at least 5+ years of experience in Penetration testing, Red teaming, and vulnerability assessment. Practical experience in evaluating the control environment through Ethical Hacking, Penetration Testing, and Red Team assessments is essential. Hands-on experience with black-box, grey-box penetration testing on platforms such as .Net, Java, as well as mobile testing on Android and iOS, is necessary. A high-level understanding of Security Architecture and Infrastructure, familiarity with best practices of OWASP, SANS Institute, ISACA, GAO, FISCAM, NSA, NIST, and Internet Engineering Task Force (IETF), and experience in project management are also required. Additionally, you should have the ability to develop a framework to test compliance of applications / systems. The company operates in the information technology industry and the job type is full-time. The work location is in person. Certifications required for this role are any two of the following: CISSP, CEH, OSCP, OSCE, GPEN.
