Technical Assistant-Web and Software Application Security

Post Code: CDACS/TA/SAS/01
Division: Software Technology (SWT)
Name of the Post: Technical Assistant
Domain: Web and Software Application Security
Desired Experience: Web and Software Application Security and Audit
Job Profile:
  1. Ability to formulate policies, procedures and processes in the Information Security domain.
  2. Ability to analyze black box, grey box and white box vulnerability assessment and penetration testing exercises of web applications, networks and mobile applications, and recommend mitigation.
  3. Perform vulnerability and penetration testing.
  4. Compliance testing for various Cyber Security standards towards implementation of security policies and controls.
  5. Implementing and maintaining security controls by adopting international best practices.
  6. Internet traffic monitoring and IP, domain name and user profile tracking using Open Source Intelligence.
  7. Carry out proactive security testing as a routine activity based on the defined policies and control structures
  8. Conduct and ensure periodic infrastructure audits (network, servers and systems) and investigation of any cyber violations
  9. Analyze and assess the vulnerabilities in the infrastructure (software, hardware, networks) and devise possible countermeasures.
  10. Be part of blue team and red team cyber security drills.
  11. Ensure cyber security practices and Secure SDLC for all in-house and outsourced application development.
  12. Implement system security engineering across the program acquisition life cycle performing and analyzing assessment activities.
Desired skill set: Application Security Audit
  1. Experience in performing penetration testing, secure code review, static, dynamic and manual source code review.
  2. Advanced knowledge of Windows and Linux operating system based applications.
  3. Strong knowledge of system vulnerabilities and security issues.
  4. Experience with scripting, monitoring tools and automation tools.
  5. Familiar with backup and recovery software and methodologies
  6. Experience in vulnerability assessment and penetration testing of web applications, operating systems, mobile apps and databases.
  7. Familiarity and hands-on experience with commercial/open source VAPT tools such as Nmap, Nessus, OWASP ZAP, Burp Suite, Netsparker and exploit frameworks like Metasploit.
  8. Experience in identifying and remediating common web application vulnerabilities.
  9. Experience in use of various commercial and open source penetration testing tools and methodologies and performing penetration testing of web applications and operating systems.
  10. Familiarity with APT attack and kill chains.
  11. Sound knowledge of Vulnerability Assessment, Penetration Testing and Technology Risk Management across different application stacks such as web applications, mobile applications, thick clients and APIs.
  12. Thorough knowledge of secure coding practices and ability to perform secure code review.
  13. Knowledge of common information security management frameworks such as NIST, GIAC, SANS, CIS Benchmarks, OWASP, etc.
  14. Preferred: industry-recognized certification(s) in Information Security.

For any clarification, please contact:
HRD Department
C-DAC IIPC Building, NIT Silchar Campus, Silchar, Assam
Phone No. 03842-242009
Email: hrd-sil[at]cdac[dot]in