Security Consultant - Web Application

9 - 12 years

25 - 30 Lacs

Posted: 2 months ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Educational Qualification: BE/BTech/MCA
Experience: More than 10 years
Certifications such as CISSP, CISA, CASE, latest CEH preferred.

JD Details:

Required Skills:
- Deep knowledge of web application and mobile application security testing
- Suggest mitigation for identified vulnerabilities for application and network infrastructure
- SOC incidents and threat analysis
- A clear conceptual understanding of the Secure Software Development Life Cycle
- Strong knowledge of automated scanning using HP Fortify, Burp Suite or similar tools
- Strong knowledge of network penetration testing
- Collaboration on product conceptualization for security by design
- Knowledge of ethical hacking, DFRA and CSR
- Experience in understanding false positives from source code scans
- Led at least one CSR (comprehensive security review)
- Experience with static application security testing (SAST), dynamic application security testing (DAST), and open source security (OSS)
- Strong understanding of OWASP Top 10
- Experience in WAF log analysis
- Experience with secure configuration documents (SCD) based on CIS benchmarks
- Rapid decision making to prevent delayed releases due to security issues
- Coordinate with various stakeholders for completion of audit points observed by internal and external auditors
- Make sure all CERT-In, RBI and various security advisories are checked and recommended action is taken on the respective platforms in the application
- Outside-the-box thinking to anticipate possible threats

Nice to Have:
- Knowledge of Kali Linux would be an added advantage
- Knowledge of conducting security audits
- Good knowledge of threat modeling, cryptography, and common application vulnerabilities
- Certificate in Certified Application Security Engineer (CASE), Certified Ethical Hacker (latest CEH), if any
- Proficiency in programming languages (Java)
- Compliance: Knowledge of compliance frameworks (PCI DSS, GDPR, etc.)

Key Responsibilities for network VAPT:

Network Vulnerability Assessment:
- Conduct comprehensive network vulnerability assessments to identify potential security threats and weaknesses.
- Perform penetration testing to simulate real-world attacks and identify vulnerabilities that could be exploited by attackers.
- Assess the risk associated with identified vulnerabilities and provide recommendations for remediation.
- Prepare detailed reports outlining findings, risks, and recommendations for remediation.
- Engage with clients to discuss findings, provide recommendations, and answer questions.
- Lead and mentor junior team members to ensure knowledge transfer and skill development.
- Stay up to date with the latest security threats, vulnerabilities, and technologies.

Basic Skills required:
- Proficiency in network protocols (TCP/IP, DNS, DHCP, etc.)
- Experience with vulnerability scanning tools (Nessus, Qualys, etc.)
- Knowledge of penetration testing frameworks (Metasploit, Burp Suite, etc.)
- Excellent analytical and problem-solving skills
- Effective communication and interpersonal skills

Tech Mahindra

Information Technology & Services

Noida
