Description
Tasks description:
- Identify new security threats by conducting continual monitoring, vulnerability assessments and log analysis
- Strong analytical skills with a proven track record of requirements mapping and traceability
- Exposure to testing in rigorous security regimes/design
- Create technical and managerial level reports and risk assessments for Cloud based applications and infrastructure
- Interface and collaborate with multiple groups and/or managerial staff to eloquently describe and implement security solutions
- Expert knowledge of Cloud infrastructure, security architectures, and standards
- Able to demonstrate clear understanding of current threats to Cloud infrastructure / IT infrastructures / Network Infrastructure at technical and managerial levels
- Strong technical writing and verbal communication skills required
- Knowledge of web security concepts covering network through application layers
- Good understanding of hardware load-balancing, firewalls, multi-tiered architectures
- Knowledge of AWS services and security controls
- Proven industry experience in application and infrastructure security testing
- Good understanding of the protocols underpinning the web - TCP/IP, HTTP, SSL/TLS etc.
Requirements:
- Have technical knowledge and hands-on experience with IT / information security / cyber security / Network Security standards and frameworks such as ISO27001, NIST CSF and GITC
- Good experience in Application & Infrastructure Security Testing including Static Application Security Testing, Dynamic Application Security Testing, Interactive Application Security Testing, Maritime Asset Security And Training, Run Time Application Security Testing and Security Compliance Activities
- Good understanding of OWASP and other penetration testing methodologies. Good knowledge of analysing & reviewing the Pen Test Results
- Experience of security testing toolsets e.g. MicroFocus Fortify SCA (Static Analysis), WebInspect (Dynamic Vulnerability), App Defender, Black Duck, Sonatype (open source), Qualys (DAST) and TripWire (IP360)
- Experience in Security QA Testing (compliance controls, Threat Management, Security Architecture Assessment, Cloud 3rd Party Risk Assessment, Vulnerability Mgt.)
- Source code review experience.
- Experience in using HP ALM, Jira
- Experience with Security Incident Event Management (ArcSight & Splunk)
- Track record of developing test security scripts, detailed test planning and test delivery of complex requirements involving multiple applications and platforms
- Certifications in Offensive Security, GIAC, ISECOM, (ISC)2, EC-Council (CEH), OSCP/OSCE, CISA, CEH
- Defect Management (ideally using HP ALM)
- ISEB Foundation Certificate in Software Testing