Microland Hiring for Administrator at Bengaluru, Karnataka, India Full Time

Job Description

Additional details
Level
P2
Requirement location
India – Bengaluru
Number of Position
1
Employment type
ML
Cluster/Group
Microland Delivery
Business Unit
RUN – HYBRID DELIVERY UNIT
Department
SOC – Tech Ops

Job Code: ML1CYSVASP2NOVERALL SKILL SET FOR VA/PT ?Strong professional experience in information security with a focus on vulnerability assessment and penetration testing?Commanding knowledge of VAPT concepts and best practices including the requirements for WhiteHat/ethical hacking?Expert understanding of the difference between a vulnerability assessment and a penetration test in the context of assessment scope objectives and deliverables?Extensive experience with common automated VAPT tools such as Nessus Appscan Burp Suite Nipper and Trustwave?Proficiency with other common attack tools and frameworks such as Wireshark Kali and Metasploit etc.?Working knowledge of manual testing of web applications?Good knowledge of modifying and compiling exploit code?Hands on experience of working on Windows and Linux?Working knowledge of CIS Security benchmarks?Thorough and practical knowledge of OWASP?Proficiency with pentest in any of three or more areas i.e. Web application security testing Network infrastructure testing Wireless testing Application and API security review Remote working assessment Mobile security testing Firewall configuration review?Experience with Nessus NetCat NMAP Backtrack Metasploit HPing and similar tools set like RetinaCS Qualys McAfee (Foundstone)?Knowledge of Network Security technology in areas of Firewall IPS VPN Gateway security solutions (proxy web filtering)?In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database?Ability to validate the presence of identified vulnerabilities with accuracy?Mastery of common application platforms and technologies in order to effectively understand and evaluate complex application assessments via the use of manual techniques and simple tools such as proxies and browser plugins?Authoritative understanding of OWASP CVE general security controls and other foundational topics such as the latest application and operating system exploits?Knowledge of common scripting and programming languages is advantageous?Ongoing commitment to understanding the threat landscape and common adversary motivations/practices. Ability to quickly adapt practices to evolving circumstances?Ability to maintain critical thinking and composure under pressure?Strong written and oral communication skills. Ability to convey complex concepts to non-technical constituents. Proficiency in oral and written English?Capable of providing assistance with the preparation of internal training materials and documentation?Ability to be productive and maintain focus without direct supervision?Understands VAPT in the context of risk management and organizational priorities?Passionate in the practice and pursuit of VAPT excellence?Industry certifications (Desirable): CISSP or SSCP GIAC GPEN or GWAPT Offensive Security OSCP preferredJob Requirements?Conduct cyber-attack simulations as part of the RED team activity?Conduct Vulnerability Assessment and Penetration Testing and configuration review for network web application mobile application and thick -client application using Nessus Metaspoilt Backtrack penetration testing distribution tools sets?Conduct configuration reviews for OS DB Firewall routers Switches and other security devices/components?Conduct source-code review using automated and manual approaches?Perform manual testing of web applications?Prepare Threat Intelligence reports for newly discovered threat agents exploits attacks?Map out a network discover ports and services running on the different exposed network and security devices?Research and maintain proficiency in computer network exploitation tools techniques countermeasures and trends in computer network vulnerabilities data hiding network security and encryption.?Analyze scan reports and suggest remediation / mitigation plan?Keep track of new vulnerabilities on various network and security devices for different vendors?Review software posture and work with operations to plan code version upgrade requirements of supported security and network devices?Advanced technical analysis on intrusions?Audit configuration of Network and Security devices?Providing rich client specific reports?Provide assessment reports that are easily understandable by the target audience and include practical and reasonable recommendations based upon sound risk management principles?Assess the sufficiency of policies standards and procedures relative to VAPT best practices. Author standards and procedures designed to continually improve security posture?Maintain assigned systems to ensure availability reliability integrity including the oversight of current and projected capacity performance and licensing?Define create and delivers reports and relevant metrics to the Information Security Manager?Mentor junior members of the VAPT group and provide constructive consultation to other peer groups such as DevelopmentRoles and Responsibilities:oIn addition to over all skill L2 need to act as the coordinator and response to individual information security incidentsoMentor security analysts at L1 regarding risk management information security controls incident analysis incident response console monitoring and other operational tasks in support of technologies managed by the Security Operations CentreoShould have ability to handle escalated incidents oNeed to Build awareness of customer environment and perform alert analysis with this enhanced knowledge oAbility to do advance reporting that would help understand the trends on alerts and help in fine tunning of the alerts oConduct vulnerability assessments for networks applications and operating systemsoConduct network security audits and scanning on a predetermined basisoPerform threat assessments which includes holistic estimations of threats posed by various actors oReview of Vulnerability assessments and ensuring compliance of systems as per standardsoDocument incidents from initial detection through final resolutionoParticipate in security incident management and vulnerability management processesoParticipate in evaluating recommending implementing and troubleshooting security solutions and evaluating IT security of the new IT Infrastructure systems.Vulnerability Management1.Ability to navigate through the Qualys Vulnerability assessment tool.2.Ability to export scheduled VA Scan report as per the requirement.3.Ability to analyse categorize (such as WindowsUnix and Network device) vulnerabilities and report .4.Basic knowledge on Vulnerability ExploitpatchingQID etc.5.Should be able to analyze the vulnerability report and recommend the solution to remediate it.Qualys