Security Testing Lead - VAPT

<p>Job Description :<br/><br/>Information Security - SOC and Security Testing Lead<br/><br/>Role and Responsibilities :<br/><br/>- Participate in information Security Risk Management initiatives<br/><br/>- Lead the Security Testing program (VA/PT, Red Team, DFRA etc) and achieve regulatory compliance.<br/><br/>- Present Security Dashboard to respective stake holder on periodic basis<br/><br/>- Prepare Security testing calendar and initiate testing accordingly<br/><br/>- Liaising with IT/ Digital/ Business Team for information assets and initiate security testing.

<br/><br/>- Follow up with respective stake holders for tracking and closure of vulnerabilities.<br/><br/>- Liaison with SOC providers for organisation's requirement and vice versa.<br/><br/>- Be a first responder for the true positive offense handed over by the security monitoring team.<br/><br/>- Owner of Cyber Crisis Management plan (CCMP), integration of CCMP with SOC <br/><br/>- Conduct detailed analytical queries and investigations, identify indicators of compromise (IOC) or Indicators of Attack (IoA) that need further investigation, and develop use cases and rules.<br/><br/>- Hands-on experience in static and dynamic malware analysis.<br/><br/>- Hands-on experience in event and log analysis on Windows endpoints<br/><br/>- Understanding on cloud hosting and SOC/ SIEM integration with CSPs. <br/><br/>- Conduct Data Flow Analysis to identify critical data<br/><br/>- To Manage the Data Leakage Prevention (DLP) tool, configure the DLP policies as per business requirements<br/><br/>- Report DLP incidents to stake holders on daily/ periodic basis<br/><br/>- Develop and Maintain Information Security Policies, Processes and standards/guidelines specific to DLP/ security testing domains.

<br/><br/>- Assist in IT Compliance drive for Information & Cyber Security Requirements (e.g. regulatory, ISO27001 standards, IT Act, UIDAI, CERT-In, SEBI).<br/><br/>- Assist internal and external IT/ regulatory/ compliance Audits.<br/><br/>- Maintain Information Security Key Risk indicators (IT Compliance parameters) and present in committee meetings <br/><br/>- Drive and execute Information Security awareness related activities.

<br/><br/>- Drive Information Security projects/ implementation & tracking its activities.<br/><br/>- Lead the Design, Review and implementation of security initiatives and projects<br/><br/>Skills & Competencies<br/><br/>- Should have executed Security Testing program for web, mobile applications and infrastructure.<br/><br/>- Should have experience in management of VA/PT program.<br/><br/>- Ability to manage MSSP/SOC operations independently.<br/><br/>- Experience in deployment of various tools like DLP, Compliance tracker.<br/><br/>- Should be strong in driving compliance activities along with technical skills.<br/><br/>- Good verbal & written communication skills.<br/><br/>- Capability to drive activities with minimal guidance.<br/><br/>- Strong knowledge of incident management, incident mitigation, closure and containment.<br/><br/>- Working knowledge of Data Leakage Prevention (DLP) solutions is an added advantage.<br/><br/> Qualification & Experience :<br/><br/>- Bachelor's / Master's degree in Computer Science, Information Technology, MBA in Information Systems, Information Security Management<br/><br/>- Excellent oral and written communication skills and interpersonal skills.<br/><br/>- Experience of BFSI / consulting industry will be preferred<br/><br/>- Certifications like CISSP, CISA, CISM, Cloud Security is an added advantage</p> (ref:hirist.tech)