Desired profile:
- Preferably BTech/MCA/MSc IT/CISSP qualification
- Minimum 7 years' experience in a related field (information security audits, cyber security testing, etc.), preferably in professional services and/or industry.
- Understanding of IT General Controls, network security, security configuration review, external and internal Vulnerability and Penetration Assessment (VAPT), Web Application Assessment, red team testing, black-box and grey-box testing
- Experience in Port and Vulnerability Scanning Tools, Web Application Scanning Tools and other security scanning tools.
- Skills in project management and engagement closure would be useful.
- Experience implementing a variety of research and information-gathering strategies and conducting IT risk assessments
- Certification in CIA/CISA/CISSP/CISM/CRISC/CEH is preferred but not essential
Key Skillsets:
1. Red team testing: Red team testing is a path to understanding risks that are not normally identified by vulnerability assessments and penetration tests. It is a targeted penetration test that simulates real-world attacks (i.e. Advanced Persistent Threats) and the malicious tactics of a motivated adversary with the intent of obtaining access or achieving specific objectives. These objectives can be decided beforehand or as part of the planning process.
2. External Vulnerability and Penetration Assessment (External VAPT):
- Identify security weaknesses and vulnerabilities in the target systems;
- Attempt to exploit verified vulnerabilities with authorization from the client;
- Provide details on observed vulnerabilities and potential exploits;
- Provide the client recommendations for mitigating risks posed by observed findings and vulnerabilities.
3. Internal Vulnerability and Penetration Assessment (Internal VAPT):
- Identify security weaknesses and vulnerabilities in the target systems;
- Attempt to exploit verified vulnerabilities with authorization from the client;
- Provide details on observed vulnerabilities and potential exploits;
- Provide the client recommendations for mitigating risks posed by observed findings and vulnerabilities.
4. Web Application Assessment: The primary objective of a web application assessment is to identify and evaluate the overall security posture, controls, and potential exposures associated with the in-scope application(s).
5. Configuration Review: Configuration review of firewalls, network devices, and servers
Port and Vulnerability Scanning Tools:
- Tenable's Nessus Vulnerability Scanner
- Rapid7's Nexpose Security Scanner
- Qualys' QualysGuard
- Nmap Port Scanner
- Kali Linux
Web Application Scanning Tools:
- NTO Spider
- Burp Suite Pro
- Acunetix's Web Vulnerability Scanner
Database Scanning Tools:
- Desired but not essential
Miscellaneous Testing Tools:
- Metasploit Framework
- Core Security's Core Impact
- Oxid.it's Cain
- John the Ripper, RainbowCrack, oclHashcat
- OWASP's WebScarab, Achilles Proxy, Paros
- Firefox Live HTTP Headers, Tamper Data and Developer Tools
- THC's Hydra
- AppSecInc's AppDetective Pro