Senior Information Security Consultant – Immediate

Job description

The candidate is responsible for establishing, implementing, monitoring, reviewing, and improving all suitable sets of controls for the prevention of threats to the security of client applications & information assets, ensuring the business objectives of the organization. Should rigorously test, scan, audit & re-test all scopes as per all international security standards like OWASP, SANS & others.

Responsibilities and Scope:

• 5+ years of experience in web application and mobile application security, Network & Cloud Infrastructure Security, Vulnerability Assessment & Penetration Testing.
• Exploit security flaws & vulnerabilities with attack simulations on multiple applications in the Android and IOS platforms.
• Provide remediation guidance to identified vulnerabilities.
• Manual and automated security testing of Web applications, APIs, and mobile Apps.
• Use automated & manual code review techniques to identify application security vulnerabilities.
• Identify complex vulnerabilities such as business logic flaws and articulate to both technical and non-technical partners.
• Document & report vulnerabilities and work on periodic vulnerability mitigations, patching.
• Analyze application security policies for effectiveness, make suggestions on security policy improvements, and work to enhance methodology material.
• Develop & maintain security testing plans and automate penetration and other security testing on the applications, systems, networks, and data layers.
• Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make decisions based on potential security threats & risks.
• Produce actionable, threat-based reports on security testing results.
• Build and maintain relationships with key stakeholders and security partners.

Must-Have:

• Team player with good interpersonal skills, able to work independently with minimum supervision in a complex Infrastructure environment.
• Certifications: OSCP, OSWE or any other security certifications.
• Self-driven, self-managed technical team leader.
• Ability to clearly communicate needs and requirements and influence stakeholders with minimal supervision.
• Ability to accurately estimate effort, set and meet periodic delivery deadlines.
• Experience in research and development in Red Team Exercises, Threat Hunting, OSINT, Threat Modelling & building security tools is a plus.
• Good understanding of DevSecOps, security architecture review and network security assessments is an added advantage.
• Hands-on experience with technology to contribute to the design, development, and support of projects with security recommendations.

Nice to Have:

• Good problem-solving skills, communication and documentation skills.
• Ability to anticipate needs and provide creative input that ensures the success of the broader team.
• Proficient in reading modern programming languages with the ability to quickly learn to read and interpret scripts written by others.
• Ability to lead & drive multiple projects simultaneously.

No of Positions: 4

Note: The candidate would be expected to work in diverse consulting engagements and be willing to travel to Middle East countries for project execution at least 50% of their time.

Preference to candidates who can join immediately or within 15 days at the max.

Employment Type: Full-time

Industry

• Information Technology & Services

Employment Type

Full-time