Lead Security Consultant

Job Description:

We are looking for a Lead with 7+ years of experience with immediate joining and who are passionate about security threats and vulnerabilities, understands how to break the system from both the Application and network, cloud perspective. Who can focus on identifying and assessing vulnerabilities in software systems, Networks, and mobile based applications
The major focus will be on Cloud Security, Red Teaming, Application Penetration testing followed by Network Penetration Testing and Mobile Security assessments.

• The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation presentation to stakeholders along with operation and construction of tools to assist in these tasks.
• Well versed with OWASP – Top Ten and WASC Threat Classifications
• Expertise in Vulnerability Assessment and Penetration Testing of Web Applications
• Business‐Logic based application testing
• Penetration testing of Mobile applications and websites.
• Exploitation of the issues found and presenting the impact occurred
• Source Code Reviews – Well versed in Java Secure Code Review.
• Well versed in OWASP Code Review concepts & identifiers
• Familiar with popular tools: * Application Proxy: Burp suite, Paros, OWASP ZAP, WireShark *
  Vulnerability Scanners: IBM AppScan, HP WebInspect, Nessus, NTO Spider * Exploit Toolkits: Metasploit, Exploit DBetc
• Understanding of the nature and sources of security vulnerabilities, how to identify and exploit them
• Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks.

Mandatory Skills:

• Application Security Testing/Penetration Testing (Web-based, Thick client, web services, Mobile)
• Network Security Testing/Penetration Testing (Network, OS, Databases etc)
• Static Code Analysis/ Secure Code Review.
• Cloud Security Testing: Assess the security posture of cloud infrastructure, platforms, and services (IaaS, PaaS, SaaS).
• Evaluate cloud configuration settings for adherence to security best practices.
• Identify potential misconfigurations, access control issues, and data leakage risks.
• Cloud Security - AWS and Azure, GCP, Oracle domain. (Any one to two cloud domains he/she should have knowledge.)
• Cloud Application Pentest / Cloud Network Pentest
• Cloud Security Architecture Review for Infrastructure and Application
• Cloud Security Configuration Review
• Network Security Architecture Review, Red Teaming
• Reporting and Documentation for Security.

Responsibility as Lead:

• Responsible for overseeing all activities within a team.
• Responsible for keeping track of and structuring various tasks
• Coach team members technically.
• Develop team strengths and improve weaknesses.
• Handle project efficiently within time & high on quality.
• Attention to detail.