IT Auditor - Technical Security

Job Description

We are seeking a highly skilled and motivated Technical Security Professional specializing in Vulnerability Assessment and Penetration Testing (VAPT), Source Code Review, API Security, and Web Application Security. As a member of our team, you will be responsible for ensuring the security and integrity of our systems, applications, and networks.

Responsibilities

 Conduct comprehensive Vulnerability Assessments and Penetration Tests (VAPT) on various systems, networks, and applications to identify security weaknesses and potential vulnerabilities.

 Perform thorough Source Code Reviews to identify security flaws, coding errors, and vulnerabilities in web applications and software products.

 Assess and enhance API security by evaluating API designs, configurations, and

implementations for potential security risks and vulnerabilities.

 Evaluate and enhance the security posture of web applications by conducting thorough security assessments and implementing appropriate security controls.

 Develop and implement security testing methodologies, tools, and procedures to improve the efficiency and effectiveness of security testing activities.

 Provide technical expertise and guidance to development teams, system administrators, and other stakeholders on security best practices and mitigation strategies.

 Collaborate with cross-functional teams to remediate identified security vulnerabilities and implement security controls to mitigate risks.

 Stay updated on the latest security trends, vulnerabilities, and best practices to continuously improve the security posture of our systems and applications.

Requirements :

 Bachelor's degree in Computer Science, Information Security, or a related field. (Master degree preferred)

 5 to 7 years of experience in conducting Vulnerability Assessments and Penetration Tests (VAPT) on enterprise systems, networks, and applications.

 4 to 7 years of experience in performing Source Code Reviews for web applications and software products.

 Proficiency in using industry-standard security testing tools such as Nessus, Metasploit, Burp Suite, etc.

 Strong understanding of web application security principles, common vulnerabilities (e.g., OWASP Top 10), and mitigation techniques.

 Experience in assessing and enhancing API security, including authentication, authorization, encryption, and access control mechanisms.

 Knowledge of secure coding practices and common programming languages (e.g., Java, Python, C / C++, etc.).

 Knowledge of cloud security and DevSecOps processes.

 Excellent analytical and problem-solving skills with the ability to identify and mitigate complex security risks and vulnerabilities.

 Strong communication and interpersonal skills with the ability to effectively collaborate with cross-functional teams and stakeholders.

 Relevant security certifications such as CISSP, CEH, OSCP, etc., are preferred.

Skills Required

Java, Metasploit, C, Cloud Security, Nessus, Vulnerability Assessment, Penetration Testing, Burp Suite, Web Application Security, DevSecOps, Source Code Review, API Security, Owasp Top 10, Python