Position Description

Under limited supervision, design and administerprocedures in the organization that sustain the security of the organization’sdata and access to its technology and communications systems.

Assess risk of exposure of proprietary data throughweaknesses in platforms, access procedures, and forms of access to theorganization’s systems

and the data contained in them.

Track security violations and identify trends orexposures that could be addressed by additional training, technical measures,or

use of application tools to enhance security.

May lead or execute simulated attacks or securityviolations to assess the organization’s data security measures.

KEY JOB FUNCTIONS

Conduct platform or operating system vulnerability scanswhich assess exposure of system to attacks or hacking.

Respond to questions and issues raised regarding viralactivity, spam/phishing etc. Produce reports.

Serve as organization's POC for the third partycertification of security procedures and use of cyber security protections.

Ensure that system's security controls, policies andprocedures examined, measured and validated against third party standards.

 Design, plan andimplement test strategies to support the core infrastructure in the contingencyenvironment for all critical business applications to ensure businesscontinuity in the event of a major business interruption or disaster.

Participate in internal reviews by auditors, operationalrisk assessment staff, or compliance/reporting staff to prepare assessments orreports of operational risks associated with IT/IS infrastructure, access tosystems, exposure to attacks, etc.

Participate in developing and testing of newmethodologies and systems for recovery of the critical core business processesand the enterprise infrastructure.

Review commercial products available to enhance corporatehardware, platforms, applications and data. May test or evaluate products underconsideration for purchase or licensing.

Skill set

Demonstrable knowledge of application security, riskassessment, validation of security penetration/dynamic test results, staticcode testing/scanning/analysis and vulnerability resolution.

Experience with secure coding practices and is capable ofconducting security assessments and analysis of applications in order to findvulnerabilities through manual and automated code scanning techniques.

Ability to identify security requirements forapplications and services and to effectively discuss requirements with internalteams and business owners.

Can explain the risks associated with common applicationvulnerabilities in order to demonstrate exploitation and then recommendmitigation options.

 Take initiative topromote activities to foster Information Security awareness and education amongapplication development.

 Strong interpersonaland communication skills for developing relationships with individuals andteams across the enterprise (including senior management).

Familiarity with emerging applications security exploitsand willingness to research them.

Solid understanding of frequently used web applicationsecurity testing tools and common web / systems application vulnerabilities.

 Familiarity withkey security concepts and frameworks such as OWASP, CVE, and CVSS.

Thorough understanding of application architecture andsupporting component.

 Solid Developerswith 3+ years of experience with development stack like java, database who areinterested in getting trained in Application security are welcome to the team.

EDUCATION: Bachelor's Degree or equivalent required

 MINIMUM EXPERIENCE: 2+ years of related experience