Job Description
Nature Of Assignment
The Information Security Risk and Compliance Consultant will provide risk-based analysis, which requires coordinating with clients about their business, gathering details and organizing them to ensure that the product or performed service adheres to a defined set of quality criteria.
The Application Penetration Tester will identify and resolve security vulnerabilities and weaknesses affecting applications and digital assets.
Role And Responsibilities
Regularly audit application/company procedures, practices, and documents to identify possible weaknesses or risks.
Participate in planning and implementing tools and processes to further enhance risk management.
Provide risk assessment support and facilitate the implementation of application controls that will provide the client organization with protection from compliance risk.
Proactively identify control deficiencies and emerging IT risks as candidates for risk assessments.
Understand laws and regulations pertaining to information security standards such as PCI DSS, PA-DSS, PCI SSF, etc.
Perform penetration testing on internal applications, cloud environments and internal environments; analyze and report results; design and direct remediation.
Perform web and mobile application testing, source code reviews, and threat analysis; carry out penetration testing and expose weaknesses in security.
Secure the application from malicious activities and breaches.
Conduct manual penetration testing and source code auditing for a variety of technologies.
Required Skills
Experience in client management for the assigned domestic or international client / region.
Should have exposure to an auditing / consulting environment for payment security audit projects.
Should possess client management and delivery skills.
Highly technical with hands-on experience in the latest security trends and technologies plus industry or business evolution.
Documentation expertise with an auditing background.
Hands-on experience with security testing tools such as Burp Suite, Metasploit, Kali, Nessus, etc.
Understanding of programming languages such as PHP, HTML, JavaScript, etc.
Good exposure to any one of the scripting languages (Python, shell script, etc.).
Desired Skills
Certifications: CEH, PenTest+, ISO 27001 LA, CISA, or CISSP certification preferred.
Education Requirements
BE/BTech in Computer Science or Information Science
MTech in Computer Science or Information Science
Personal Attributes
Should be performance- and learning-focused.
Should be professional, highly analytical, and possess excellent written and verbal communication skills in addition to IT fluency.
Strong cross-functional interaction skills; experience working in a team-oriented, collaborative environment.
Ability to self-motivate and openness to managing complex projects with multi-tasking.
Excellent organizational skills; high ethical quotient.