JOB SUMMARY
The successful applicant will be responsible for assessing the security posture of existing and proposed systems, platforms, and processes to protect and continually improve the confidentiality, integrity, and availability of information systems in accordance with the MLI’s business
objectives, regulatory requirements, and strategic goals.
KEY RESPONSIBILITIES
- Provide innovation within the context of the Vulnerability and Penetration Testing (VAPT) program in relation to both process and technology.
- Design, implement, and support VAPT solutions identified as necessary for the protection of organization’s assets.
- Serve as a Subject Matter Expert (SME) for the VAPT function.
- Serve as the system owner for common VAPT toolsets, platforms, and processes.
- Assess the sufficiency of policies, standards and procedures relative to VAPT best practices. Author standards and procedures designed to continually improve security posture.
- Perform authorized attack surface reviews and penetration tests against specific targets at the direction of the CISO
- Provide input into security risk assessments by leveraging specialized knowledge.
- Work with DevSecOps team for continuous analysis and improvement.
- Report compliance failures to management for immediate remediation.
- Mentor junior members of the VAPT group and provide constructive consultation to other peer groups such as IT Development.
Assisting the Chief Information Security Officer in the fulfilment of responsibilities
MEASURES OF SUCCESS
Ensure quality and timely VAPT execution in line with industry best practices
Compliance to regulatory obligations
Improving operational efficiency and knowledge within the IS team
KEY RELATIONSHIPS (INTERNAL /EXTERNAL)
Business Functions, Third Parties and Control groups
KEY COMPETENCIES/SKILLS REQUIRED
VAPT, Configuration Reviews, Network Architecture reviews, Ethical Hacking
Desired qualification and experience
Graduate/Post Graduate degree in Information management and security (pref. B. Tech/M.Tech/MS)
5+ years of professional experience in information security with a focus on vulnerability assessment and penetration testing.
Extensive experience with common automated VAPT tools such as Nessus, Appscan, Burp Suite, Nipper etc. Proficiency with other common attack tools and frameworks such as Wireshark, Kali, and Metasploit, etc.
Ability to validate the presence of identified vulnerabilities with accuracy.
Must have the ability to perform targeted penetration tests without use of automated tools.
Capable of providing assistance with the preparation of internal training materials and documentation.
Passionate in the practice and pursuit of VAPT excellence
Knowledge of cloud technologies and cloud hosting (nice to have)
Relevant certifications CEH, ECSA, OSCP, OSCE is an added advantage
Strong Communication skills