Analyst - Cybersecurity

 Bangalore, India       Permanent contract        Security

Responsibilities

This role will be exclusively focused on delivery, technical team leadership and technical expertise.

An individual role with strong technical skills (application and IT infrastructure), along with a thorough Cyber security domain knowledge.

 

As a technical consultant in Application & Infrastructure Security Penetration Testing, you will :

  1. Perform security penetration testing and ongoing vulnerability assessment of internal, external perimeter and wireless networks and web applications
  2. Perform assessment of IT infrastructure, end-points, cloud etc. with ability to exploit the vulnerabilities
  3. Propose frameworks & solution which cater to Application, Network and Infra securities; security architecture configuration
  4. Source code reviews, penetration tests, red team and phishing exercises, security architecture configuration reviews, and technical security compliance reviews
  5. Conducting technical trainings and user awareness sessions
  6. Explore & propose the possibilities to leveraging on Open source solutions.
  7. Ability to do development and scripting to customize and integrate open source solutions.
  8. Serve as the technical expert for remediation of threats and vulnerabilities across application and infrastructure platforms
  9. Partner with Technology and Application teams to create, implementation and/or remediation plans for identified vulnerabilities
  10. Lead critical vulnerability identification and response exercises. Expert in OWASP concepts and Application VAPT concepts.

Present/Document key findings, progress, and hurdles to IT leadership on a regular basis
Influence stakeholders to prioritize and execute risk management initiatives, and drive remediation of process and technology gaps

Profile Required

  • 3 to 6 years of related work experience in threat modeling, penetration testing and/or secure application development
  • Thorough understanding of application and infrastructure architectures, and related vulnerabilities
  • Solid understanding of security standards, frameworks and methodologies: OWASP, CVE, CVSS …
  • Good communication, presentation and interaction skills. Experience working with technical experts and architects in security domain.
  • Knowledge of HTTP, TCP/IP networking required
  • Knowledge of Active Directory (AD) Environment Penetration Testing
  • Knowledge of Scripting Language. E.g. Python / Perl / PowerShell / C / C++ / Java / JavaScript
  • Knowledge of penetration testing methodology required
  • Knowledge of web application attacks and defense strategies including those found in the OWASP Top 10 and Mobile Top 10
  • OSCP certification (preferred), CEH Certification or comparable penetration testing certification required.
  • Industry standard certification such as Certified Information Systems Security Professional (CISSP) or Security+
  • Understanding of security frameworks such as ISO27001 or NIST Cybersecurity Frameworks a plus
  • Experience with various operating systems, network security technologies, web application development technologies, languages and frameworks such as .Net, Java, PHP, Angular JS, NodeJS etc.
  • Experience with Configuration and Deployment Management Testing, Identity Management Testing, Cookie/Session Management, Authentication/Authorization Testing, Input Validation Testing, Privilege escalation testing, Enumeration testing
The above description is a general statement of required/mandatory major responsibilities performed on a regular and continuous basis. It does not include other responsibilities, as assigned from time to time on a need basis on the related role.

Why Join Us

“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”

Business Insight

This role incumbent as Cyber Security Consultant/Expert is responsible for providing application and infrastructure testing services and consultation to technology teams to design secure solutions at Societe Generale India.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Job code: 19000WQQ
Business unit: SG Global Solution Centre
Starting date: 03/02/2020
Date of publication: 18/01/2020
Share on

Analyst - Cybersecurity

Permanent contract   |   Bangalore   |   Security