Security Testing Lead - VAPT

Job Description :

Information Security - SOC and Security Testing Lead

Role and Responsibilities :

- Participate in information Security Risk Management initiatives

- Lead the Security Testing program (VA/PT, Red Team, DFRA etc) and achieve regulatory compliance.

- Present Security Dashboard to respective stake holder on periodic basis

- Prepare Security testing calendar and initiate testing accordingly

- Liaising with IT/ Digital/ Business Team for information assets and initiate security testing.

- Follow up with respective stake holders for tracking and closure of vulnerabilities.

- Liaison with SOC providers for organisation's requirement and vice versa.

- Be a first responder for the true positive offense handed over by the security monitoring team.

- Owner of Cyber Crisis Management plan (CCMP), integration of CCMP with SOC

- Conduct detailed analytical queries and investigations, identify indicators of compromise (IOC) or Indicators of Attack (IoA) that need further investigation, and develop use cases and rules.

- Hands-on experience in static and dynamic malware analysis.

- Hands-on experience in event and log analysis on Windows endpoints

- Understanding on cloud hosting and SOC/ SIEM integration with CSPs.

- Conduct Data Flow Analysis to identify critical data

- To Manage the Data Leakage Prevention (DLP) tool, configure the DLP policies as per business requirements

- Report DLP incidents to stake holders on daily/ periodic basis

- Develop and Maintain Information Security Policies, Processes and standards/guidelines specific to DLP/ security testing domains.

- Assist in IT Compliance drive for Information & Cyber Security Requirements (e.g. regulatory, ISO27001 standards, IT Act, UIDAI, CERT-In, SEBI).

- Assist internal and external IT/ regulatory/ compliance Audits.

- Maintain Information Security Key Risk indicators (IT Compliance parameters) and present in committee meetings

- Drive and execute Information Security awareness related activities.

- Drive Information Security projects/ implementation & tracking its activities.

- Lead the Design, Review and implementation of security initiatives and projects

Skills & Competencies

- Should have executed Security Testing program for web, mobile applications and infrastructure.

- Should have experience in management of VA/PT program.

- Ability to manage MSSP/SOC operations independently.

- Experience in deployment of various tools like DLP, Compliance tracker.

- Should be strong in driving compliance activities along with technical skills.

- Good verbal & written communication skills.

- Capability to drive activities with minimal guidance.

- Strong knowledge of incident management, incident mitigation, closure and containment.

- Working knowledge of Data Leakage Prevention (DLP) solutions is an added advantage.

Qualification & Experience :

- Bachelor's / Master's degree in Computer Science, Information Technology, MBA in Information Systems, Information Security Management

- Excellent oral and written communication skills and interpersonal skills.

- Experience of BFSI / consulting industry will be preferred

- Certifications like CISSP, CISA, CISM, Cloud Security is an added advantage