Posted on: 29/11/2025
Description :
- Perform VAPT for web/mobile applications, APIs, and infrastructure.
- Collaborate with penetration testers and ensure vulnerability closure within SLAs.
- Conduct configuration reviews for firewalls, servers, and endpoints.
- Recommend remediation actions and validate fixes.
- Maintain reports in line with RBI, PCI DSS, and internal compliance requirements.
Change Management & Secure Configuration Review :
- Participate in change management processes with a strong security lens.
- Assess risks associated with deployment models and configurations.
- Maintain documentation across SDLC and change workflows.
Application & API Security Lifecycle :
- Define and implement security frameworks for applications & APIs.
- Perform end-to-end API security testing aligned with OWASP API Top 10.
Threat Identification & Risk Assessment :
- Conduct threat modelling and vulnerability scans regularly.
- Keep track of zero-day vulnerabilities and evolving threats.
- Work with security teams to strengthen detection and prevention strategies.
Security Incident Response :
- Investigate and respond to incidents promptly.
- Maintain and execute Incident Response Plans (IRPs).
- Lead post-incident analysis and continuous improvement initiatives.
Governance, Compliance & Documentation :
- Ensure compliance with RBI cybersecurity guidelines and ISO 27001.
- Maintain logs, audit trails, and documentation of vulnerabilities and incidents.
- Support audits and regulatory reviews.
- Develop security frameworks for firewalls, servers, endpoints, applications, and APIs.
Advisory & Collaboration :
- Work closely with Dev, DevOps, and IT Infra teams to embed security.
- Recommend improvements in hardening and secure coding.
- Assist in designing secure architectures.
Continuous Learning & Knowledge Management :
- Stay updated on the latest cybersecurity trends and regulations.
- Participate in training, webinars, and security communities.
- Recommend new tools and frameworks for enhanced security.
Required Skills :
- Hands-on experience with VAPT tools : Burp Suite, OWASP ZAP, Nessus, Nmap, Postman.
- Strong understanding of OWASP Top 10, API Security & secure coding.
- Experience in configuration reviews (firewalls, servers, endpoints, API gateways).
- Familiarity with DevSecOps & CI/CD security integrations.
- Knowledge of OAuth 2.0, JWT, API keys, rate limiting, etc.
- Experience with incident response tools like Splunk, CrowdStrike.
Posted in: CyberSecurity
Functional Area: IT Security
Job Code: 1582269