System Security / Ethical Hacker

5 - 8 years

6.0 - 8.0 Lacs P.A.

Noida

Posted: 2 months ago | Platform: Naukri

Skills Required

System Security, Java, coding, Azure, IT security, security frameworks, AWS, Risk Management, Python, Google Cloud

Work Mode

Work from Office

Job Type

Full Time

Job Description

Department: IT

Reporting to: CTO

We are seeking a skilled and experienced IT Security Professional with a primary focus on Application Level Security and a solid understanding of Server Level Security. The ideal candidate will be responsible for ensuring the security of our software applications and underlying servers, safeguarding against threats, vulnerabilities, and unauthorized access. This role requires a deep knowledge of security practices, the ability to assess and mitigate risks, and collaboration with development and operations teams to integrate security into the software development lifecycle (SDLC).

Key Responsibilities:

1. Application Level Security: Conduct security assessments and vulnerability analysis of web and mobile applications. Implement secure coding practices and review application code for security flaws. Perform penetration testing on applications to identify and rectify security vulnerabilities. Develop and maintain security controls within applications to prevent unauthorized access, data breaches, and other cyber threats. Collaborate with development teams to ensure security is integrated into the software development lifecycle (SDLC). Implement and manage application firewalls, security gateways, and encryption technologies. Strong understanding of network security, web application security, and API security across public and private networks. Experience in Black Box and Gray Box testing with the capability of finding business logic vulnerabilities. Knowledge in performing VAPT as per OWASP Top 10 and SANS Top 25, including Broken Access Controls, SQL Injection, Security Misconfiguration, Cross-Site Scripting, CSRF, and authentication / authorization issues. Proficient in both manual and automated tool-based testing for these vulnerabilities. Tools awareness: Nmap, Nessus, SSLScan, Burp Suite, sqlmap, OWASP ZAP, Metasploit, Wireshark, Kali Linux, Nikto, Nipper, Postman, DirBuster, etc.

2. Server Level Security: Assess and improve the security posture of servers hosting critical applications. Implement and manage server security measures, including firewalls, intrusion detection systems (IDS), and security patches. Conduct regular security audits and vulnerability assessments on server infrastructure. Monitor server logs and alerts to detect and respond to potential security incidents. Collaborate with system administrators to ensure servers are configured securely and comply with industry standards. Understanding of the OSI layers, TCP/IP, IPv4 and IPv6, and various network protocols. Good knowledge of firewalls, intrusion detection and prevention systems (IDS/IPS), and network segmentation.

3. Risk Management and Compliance: Identify and evaluate security risks related to applications and servers, and implement mitigation strategies. Ensure compliance with relevant security standards, regulations, and best practices (e.g., OWASP, ISO 27001, PCI-DSS). Maintain and update security policies, procedures, and documentation related to application and server security. Participate in incident response activities, including investigating security breaches and implementing corrective actions.

4. Security Awareness and Training: Conduct security awareness training for development, operations, and other relevant teams. Stay up-to-date with the latest security trends, vulnerabilities, and technologies. Provide guidance and support to other IT teams on security best practices.

5. Continuous Improvement: Continuously monitor and improve application and server security measures. Evaluate and implement new security tools, technologies, and methodologies to enhance security. Participate in security research and development initiatives to advance the organization's security capabilities.

Qualifications:

Bachelor's degree in Computer Science, Information Security, or a related field. Minimum of 5 years of experience in IT security, with a focus on application security and server security. Strong knowledge of security frameworks and standards (e.g., OWASP, NIST, CIS). Hands-on experience with security tools such as web application firewalls, IDS/IPS, vulnerability scanners, and encryption technologies. Proficiency in secure coding practices and experience with programming languages such as Java, Python, or C#. Experience with cloud security and securing applications in cloud environments (AWS, Azure, Google Cloud) is a plus. Certifications such as CISSP, CEH, OSCP, Certified Ethical Hacker or similar are highly desirable. Excellent problem-solving skills, with the ability to identify and mitigate security risks. Strong communication skills, with the ability to convey complex security concepts to technical and non-technical stakeholders.

Retail
Rochefort Nouvelle-Aquitaine
