Risk Assessment
Business Continuity Management
Maturity Model Assessment
Data Flow Analysis
Risk Assessment
At CyRAACS, we perform an extensive Risk Assessment to identify the inherent and residual information security risks across the organization. Based on the assessment conducted, we recommend Risk Mitigation measures to ensure the appropriate security controls are in place in line with the organization risk appetite.
Business Continuity Management
Business Continuity planning is essentially a form of insurance. It gives organizations the comfort of knowing that, even if disaster strikes, the damage won’t be overwhelming.
Having an effective Business Continuity Management ensures that organizations can continue to provide an acceptable service in the event of a disaster, helping them preserve their reputation and keep revenue coming in. In the event that its key management resources are compromised, it is critical for an organization to be proactive and create a viable plan of countermeasures.
CyRAACS’s business continuity professionals provide consultancy help in identifying risks arising from third party vendor networks, managing them effectively, and planning how you can operate, improving your organizational resilience.
Maturity Model Assessment
An Information Security Maturity Model provides a path forward and enables the organization to periodically assess where it is along that path. Our unique qualitative and quantitative assessment model is adapted from the CMMI rating scale. CyRAACS’s Maturity Model Assessment framework helps to understand the organization’s risk exposure, and the maturity of the current information security program and identify areas for improvement, we also create benchmarks against other organizations and validate that security investments have improved security posture. We also provide a roadmap with opportunities in the areas of technology, process, and capabilities for information security.
Data Flow Analysis
For today’s way of the data treatment, it is an easy target to expose as organizations across the world are looking at the increasing amounts of data to deal with every day, this could be through e-mails, files, transactions, etc. Hence organizations urgently need to understand what their sensitive data is and where they are so that they can deploy appropriate controls to protect it. Data Flow Analysis (DFA) is the first step toward identifying sensitive data and implementing appropriate security controls for data protection.
CyRAACS’s DFA framework covers all the stages of the data lifecycle right from data acquisition to retirement. It helps to capture an accurate picture of the data flow at various stages within the organization. The output from DFA can act as key inputs to a Digital Rights Management (DRM) or Data Leakage Prevention (DLP) tool implementation, should an organization wish to implement those tools.
Contact Us
Home
Services
GRC Services
Audit
Consulting
AI Risk Assessment
Technical Services
VAPT
Specialized
Niche
AI Security Assessment
Platform Services
CMS
TPRM
Managed VAPT
Platform
About Platform
Platform Capabilities
Platform Overview
Resources
Resources
Case Studies
Downloads
Webinars
Videos
Surveys
Blogs
GRC
Frameworks & Regulations
TPRM
Platform
Technical Services
Others
Company
About Us
What we bring to the table
Our credentials
Our Journey
What defines us
Our Team
Leader Team
In the News
Media Coverage
Press Releases
Partnership
Who Should Partner with Us
Why Partner with CyRAACS
Join Us
Careers
One Team. Many Career Paths.
Why a Career in Cybersecurity at CyRAACS?
Product and Technology
Consultants
Contact Us
Home
Services
GRC Services
Audit
Consulting
AI Risk Assessment
Technical Services
VAPT
Specialized
Niche
AI Security Assessment
Platform Services
CMS
TPRM
Managed VAPT
Platform
About Platform
Platform Capabilities
Platform Overview
Resources
Resources
Case Studies
Downloads
Webinars
Videos
Surveys
Blogs
GRC
Frameworks & Regulations
TPRM
Platform
Technical Services
Others
Company
About Us
What we bring to the table
Our credentials
Our Journey
What defines us
Our Team
Leader Team
In the News
Media Coverage
Press Releases
Partnership
Who Should Partner with Us
Why Partner with CyRAACS
Join Us
Careers
One Team. Many Career Paths.
Why a Career in Cybersecurity at CyRAACS?
Product and Technology
Consultants
Contact Us
About Us
What we bring to the table
Our credentials
Our Journey
What defines us
Our Team
Leadership Team
In the News
Media Coverage
Press Releases
Partnership
Who Should Partner with Us
Why Partner with CyRAACS
GRC Services
Audits
Consulting
AI Risk Assessment
Technical Services
VAPT
Specialized
Niche
AI Security Assessment
Platform Services
CMS
TPRM
Managed VAPT
Careers
One Team. Many Career Paths.
Why a Career in Cybersecurity at CyRAACS?
Product and Technology
Consultants
Build your future with us.
Apply Now
About Platform
Platform Capabilities
Platform Overview
Enable continuous compliance with a unified, intelligent platform
Let's Discuss
Resources
Case Studies
Downloads
Webinars
Videos
Surveys
Blogs
GRC
Frameworks & Regulations
TPRM
Platform
Technical Services
Others
Sr. VAPT Consultant
Qualifications: BE/B. Tech with specialization in cyber security, MCA, M. Tech / Master’s in
Information security, or Forensics Analysis Knowledge
Apply Now
Role and Responsibility
Conduct Network/ System Vulnerability Assessments, Penetration Testing using tools to
evaluate attack vectors, identify system vulnerabilities, and provide appropriate remediation
plans for mitigation of the identified vulnerabilities.
Conduct Application vulnerability assessments, Penetration Testing for web applications,
identify and report vulnerabilities, provide recommendations, and track closure of identified
vulnerabilities.
Perform Configuration compliance assessments for Endpoints / Assets /network devices and
help maintain the security settings at compliant level with Specific Security Standards.
Perform regular monitoring of patch compliance of the assets in the network, Analyze Patch Advisories and provide remediation steps for the stakeholders.
Performing comprehensive review and threat adversary modeling for web applications.
Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting
Conduct and compile findings on new vulnerabilities, new tools for departmental use.
Create project deliverables / reports and assist the client with remediations and discussions.
Abide by the project timelines and maintain project discipline
Role Overview
Conduct Network/ System Vulnerability Assessments, Penetration Testing using tools to
evaluate attack vectors, identify system vulnerabilities, and provide appropriate remediation
plans for mitigation of the identified vulnerabilities.
Conduct Application vulnerability assessments, Penetration Testing for web applications,
identify and report vulnerabilities, provide recommendations, and track closure of identified
vulnerabilities.
Perform Configuration compliance assessments for Endpoints / Assets /network devices and
help maintain the security settings at compliant level with Specific Security Standards.
Perform regular monitoring of patch compliance of the assets in the network, Analyze Patch
Advisories and provide remediation steps for the stakeholders.
Performing comprehensive review and threat adversary modeling for web applications.
Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application
Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting
Conduct and compile findings on new vulnerabilities, new tools for departmental use.
Create project deliverables / reports and assist the client with remediations and discussions.
Abide by the project timelines and maintain project discipline
Technical Skills Required
Hands-on Experience is performing Network Security Assessment and vulnerability Assessment.
Good understanding of OSI layers and fundamental Operating system concepts, security settings for various flavors of Windows and Linux platforms.
Manual Penetration Testing skills and techniques are required besides automated tools and frameworks.
Familiar working with Publicly available exploits codes.
Hands on knowledge on Tools: Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp Suite,
Paros Proxy Nessus, nexpose, Wireshark, sqlmap etc.
Sound knowledge about infrastructure vulnerability scans, identifying security vulnerabilities,
weaknesses, threats, and assessing related risks that exists within an IT Infrastructure or business processes.
Sound knowledge about Application vulnerability assessments and relevant knowledge of
OWASP top 10 vulnerabilities and SANS.
Good understanding of firewalls, Switches, and Router’s configuration settings and policies, relevant experience in performing rule base reviews and configuration reviews for network devices.