This is an intermediate level Information Security position, reporting to the Security Assessment Lead, providing Security Testing in various areas like Web, Network, Medical Devices, IOT and Source Code etc.
The Position demands the candidate to work with various departments in IT to understand the business need, background, workflows to ensure the requirements are captured and tested thoroughly.
The Individual is also responsible to track and ensure the remediation of the gaps found by working with the Owners, Developers and other departments etc.
Experience & Skills
• Candidate must have 2 to 5 years of experience in performing security assessments for Web Applications (thin/thick/cloud).
• Expertise in Scripting languages such as python, Ruby, PowerShell are highly desired
• Any Experience in the following would be added advantage
- Network Penetration Testing
- Web Application Penetration testing
- Android/IOS Application Security Assessment
- Implementation /Secure coding /secure code reviewing knowledge.
- Skilled in Active Directory Pentest with certifications such as CRTE.
Ready to work in individual contributor capacity and as well work collaboratively with team to deliver Projects on time.
• Knowledge of Open Source Security Testing Methodology Manual (OSSTMM). • Expert knowledge of security risks related to web, mobile, web services, and client/server architectures.
• Familiarity with common web stack technologies and platforms (Java, HTML5, Ajax, Node.js, Angular, React, MongoDB, etc.)
• Solid understanding of encryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architecture.
• Working knowledge of application security tools (Source/Binary Code analysis tools, software component analysis tools).
• Ability to closely work with Software Developers to Remediate the Findings and enable the teams.
• Development knowledge of Android and IOS applications is an advantage.
• Intermediate to advanced knowledge of database management systems such as MySQL, SQL Server, PostgreSQL, and Oracle.
• Should be Process oriented and good at Reports writing.
• Experience conducting reverse engineering.
• Familiarity with software attack and exploitation techniques.
• Working knowledge of the Software and Systems Development Life-cycle phases and related security tasks.
• Familiarity with Cloud Deployments, AWS , Azure , Google Cloud platform Security.
• Knowledge of operating systems such as Windows Server, Windows 7/8/10, and Linux.
• Solid knowledge of network devices such as firewall, routers, and switches.
• Solid understanding of network security and popular attack vectors.
• Knowledge and experience with core networking protocols (TCP/IP, HTTP[S], DNS, ARP, DHCP, DSN, FTP, IMAP, ICMP, IDRP, IP, IRC, NFS, POP3, PAR, RLOGIN, SMB, SMTP, SSL, SSH, TELNET, UDP etc.)
• Knowledge of and experience with information security compliance frameworks such as HIPAA, HITECH, PCI DSS, NIST SP series, NIST CSF, ISO27001/2, etc.
• IEEE 802.11 security concepts.
• Knowledge on Threat Modelling, Risk Assessments.
• Eager Learner and ready to share knowledge
• Good Communication Skills-Written/Verbal
• Immediate Joiners preferred- 15-30 days
Bangalore & Hyderabad
How to Apply
To apply for the job, kindly send an Email with Resume to firstname.lastname@example.org with the subject line GBHackers Reference - Applying for Sr.Cyber security Analyst at Primhealthcare in India.