- Resource should be able to perform security assessments of different IT functional areas (e.g., applications, systems, network and/or Web) in conformance with cyber security industry-wide best practices and threat model frameworks (NIST, STRIDE, PASTA, etc.). They should be able to work on multiple projects as a team member and make assessment reports on different standards. They should work cohesively with senior team members to gather a full understanding of project scope and business requirements.
Responsibilities & technical skills:
- Deep understanding of NIST Risk Framework applicability to existing and upcoming systems.
- Participate in security planning and analyst activities.
- Perform security assessments and security attestations.
- Participate in security investigations and compliance reviews as requested.
- Make security analysis reports for security vulnerabilities and recommend feasible and appropriate options.
- Hands-on experience with Mobile Applications and Device security tools.
- Should have a sound understanding of secure coding practices which are in conformance with OWASP Top 10, SANS and WASC.
- Perform Vulnerability Analysis of applications based on industry-wide Application Security Threat Models like ASF and STRIDE, and Risk Assessment models like NIST.
- Assist the audit team in developing audit reports; present audit reports to top management as needed; and execute and properly document the audit process on a variety of cyber security environments.
- Prepare technical solutions to mitigate the vulnerabilities identified during threat modelling and vulnerability analysis.
- Hands-on experience with various Data Security Tools for Data Discovery, Governance, DLP, etc.
- Evaluate all design documentation and perform design assessments to ensure appropriate security controls are implemented within designs.
- Prepare strategies to mitigate vulnerabilities emanating from Vulnerability Assessments and Penetration Tests of Applications both at production level and source code level, i.e. DAST and SAST.
- Possess strong analytical and problem-solving abilities.
- Experience working with different security tools for VA, PC, DAST, SAST and PT.