IN-Senior Associate_ SOC _Managed Services _ Advisory_Mumbai

Job Description & Summary: A career within….

Sr. No Category Description

1 Professional Qualification Minimum 3 years post basic qualification experience in any of the below: · IT / IT Security / Information Security in Banking, financial services and insurance (BFSI)/ Non-Banking Financial Company (NBFC)/ Financial Technology (FinTech)/ renowned MNCs. Atleast 2 years of experience in the below area: · Assessment of security posture · Providing recommendations for secured deployment and operations of RH OpenShift platform and CI/ CD pipeline. · Experience in tools like Gitlab, Android Studio, Flutter, Junit, Jest, Jacoco, Maven, SonarQube, Xcode, Tomcat, Liquibase, Jenkins, Nexus, Helm, Selenium, Apium, Postgres, Fluentbit, eMasIAM, Alation, Qlik, JISA HSM etc.

2 Educational Qualification 1. B.E / B. Tech in: · Computer Science / Computer Applications · Information Technology · Electronics / Electronics & Communications / Electronics & Telecommunications / Electronics & Instrumentations 2. MCA / M.Sc: · Computer Science · Information Technology from Government recognized university or institution

3 Required Certification Preferred (Any-one): - · IACRB – Certified Application Security Specialist · CSSLP - Certified Secure Software Lifecycle Professional (ISC2). Or equivalent.

Responsibilities · Conduct security assessment of application deployed on container based architecture covering areas such as, Secured Network Architecture, Vulnerability Assessment, Penetration testing, Secured Configuration Assessment, Process Assessment, Data Security Assessment, Third Party Security Assessment (including cloud applications), Source Code Assessment, Application Security review, API Security review, DataBase review etc. · Conduct rule configuration and policy review of the tools implemented in the CI / CD pipeline. · Review the CI/CD pipeline with respect to industry standards and provide gaps with respect to security. · Perform in-depth analysis of container images, identify the vulnerabilities and provide recommendations in accordance with security best practices, industry standards (e.g., OWASP, NIST) and regulatory requirements.

· Define test cases covering all aspects, for extensive security testing of the applications/ container images under development. · Recommend the test case scripts for deploying on the security DAST tools such as Fortify Web-inspect DAST tool integrated with CI/CD pipeline for automated testing. · Provide recommendations for seamless integration of security practices and secured deployment of CI/CD pipeline consisting of code and container image repositories like GitLab, Quay etc. testing tools like Junit, Jest, Jacoco, Fortify Web Inspect, RH Scanner etc. · Provide recommendations for secured deployment of OpenShift platform for development, testing, release management, deployment, operations and monitoring of container-based applications. · Develop and maintain threat models for container-based applications deployed on RedHatOpenShift platform, to proactively identify potential security risks. · Provide recommendations on Implementation of mechanisms for continuous monitoring to detect and respond to security threats in real-time. · Provide recommendations on secured configuration of OS and other components of technology stack. · Provide recommendations on maintenance of comprehensive documentation of security processes, configurations, and findings.

Mandatory skill sets:

SOC

Preferred skill sets:

SOC

Years of experience required:

3 – 5 years

Education qualification:

Btech MBA MCA MTECH