Full Time
Islamabad
Posted 2 months ago

Job purpose:

  • Pentest web, Android and iOS applications as well as APIs.
  • Conduct firewall configuration reviews.
  • Review the implementation of Identity and Access Management on both the application and server side from a security perspective.
  • Conduct risk assessment activities.
  • Provide support to various clients in customization of the system and in security assessment.
  • Develop and maintain information security guidelines, practices, standards, and policies.
  • Implement security controls on mobile apps as well as web apps and APIs using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).

Required Skills and Responsibilities:

  • Pentest web, Android and iOS applications as well as APIs.
  • Create, Review, Update and Implement the information security policies and procedures.
  • Conduct firewall configuration reviews.
  • Design and review the Identity and Access Management (IAM).
  • Review the implementation of Identity and Access Management on both the application and server side from a security perspective.
  • Assist the network team and provide it with network security hardening guidelines.
  • Conduct threat modeling of possible threats.
  • Conduct risk assessment activities.
  • Conduct privacy impact assessments on the application, transport and database level.
  • Conduct security code reviews using both static code analysis and manual code review.
  • Design and implement security solutions and controls recommended by compliance audits.
  • Monitor security logs and audit trail data to detect possible security breaches.
  • Identify and mitigate the security vulnerabilities in applications and servers.
  • Carry out web server security audits and assure that all information assets are secure.
  • Provide support to various clients in customization of the system and in security assessment.
  • Test the new and updated modules and their impact on the product’s functionality and security.
  • Interact with other team members around the world to carry out various business operations.
  • Conduct, review, update and administer the information security program.
  • Develop and maintain information security guidelines, practices, standards, and policies.
  • Implement security at the architectural level and make sure all controls are fully compliant with ISO 27001, ISO 27701, PCI PA DSS, and State-level policies and regulations.
  • Implement security controls on mobile apps as well as web apps and APIs using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
  • Ensure compliance with ISO 27001 (ISMS) and ISO 27701 (ISPMS).
  • Develop and maintain an information security awareness and training program and security standard compliance reporting.
  • Conduct application, database, and network services security reviews to identify policy non-compliance and security vulnerabilities.
  • Superlative communication skills, particularly the ability to communicate as a leader.
  • Suggest appropriate security controls to protect assets and activities covered within the ISPMS scope.

Qualification and Experience:

  • A bachelor’s degree in computer science, information security, or a related field; master’s degree a plus.
  • 4+ years of experience in application security, information risks, and developing security threat solutions.
  • Familiarity with regulatory requirements related to handling information, including SOX, HIPAA, and the Payment Card Industry Data Security Standard (PCI DSS).
  • Proficiency with firewalls, endpoint security, mobility management, and vulnerability scanning.
  • Oversee implementation of new policies and procedures.
  • Monitor security systems to identify new threats or needs for updates.
  • Train employees on security awareness and new procedures.
  • Strong troubleshooting skills and analytical abilities in handling complex cyber threats.
  • Professional Certifications
    • ISO 27001 LA/LI is a must
    • PCI DSS
    • CEH
    • CompTIA Security+
    • OSCP

Job Features:

  • Job Category: Information Security
  • Total Positions: 1
  • Experience: 4-5 Years
