- Technical Assistant-Web and Software Application Security
|Name of the Post
||Web and Software Application Security
||Web and Software Application Security and Audit
- Ability to formulate policies, procedures and processes in the Information Security domain
- Ability to analyze black box, grey box and white box vulnerability assessment and penetration testing exercises of web applications, networks and mobile applications, and to recommend mitigation.
- Perform vulnerability and penetration testing.
- Compliance testing for various Cyber Security standards towards implementation of security policies and controls.
- Implementing and maintaining security controls by adopting international best practices
- Internet traffic monitoring, IP, Domain Name, user profiles tracking using Open Source Intelligence
- Carry out proactive security testing as a routine activity based on the defined policies and control structures
- Conduct and ensure periodic infrastructure audits (network, servers and systems) and investigation of any cyber violations
- Analyze and assess the vulnerabilities in the infrastructure (software, hardware, networks) and devise possible countermeasures.
- To be part of the Blue team and red team cyber security drills.
- Ensure cyber security practices and Secure SDLC for all in-house and outsourced application development.
- Implement system security engineering across the program acquisition life cycle performing and analyzing assessment activities.
|Desired skill set
||Application Security Audit
- Experience in performing penetration testing, secure code review, static, dynamic and manual source code review.
- Advanced knowledge of applications based on Windows and Linux operating systems
- Strong knowledge of system vulnerabilities and security issues.
- Experience with scripting, monitoring tools and automation tools.
- Familiar with backup and recovery software and methodologies
- Experience in vulnerability assessment and penetration testing of web applications, operating systems, mobile apps and databases.
- Familiarity and hands-on experience with commercial/open source VAPT tools such as Nmap, Nessus, OWASP ZAP, Burp Suite, Netsparker and exploit frameworks like Metasploit
- Experience in identifying and remediating common web application vulnerabilities.
- Experience in use of various commercial and open source penetration testing tools and methodologies and performing penetration testing of web applications and operating systems.
- Familiarity with APT attack and kill chains.
- Sound knowledge of Vulnerability Assessment, Penetration Testing and Technology Risk Management across different application stacks such as web applications, mobile applications, thick clients and APIs
- Thorough knowledge about Secure coding practices and ability to perform secure code review
- Knowledge of common information security management frameworks such as NIST, GIAC, SANS, CIS Benchmarks, OWASP, etc.
- Preferred Industry recognized certification(s) in Information Security
For any clarification, please contact:
C-DAC IIPC Building, NIT Silchar Campus, Silchar, Assam
Phone No. 03842-242009