Post

Desirable: Certification such as CISSP, CISM,CISA ,GIAC GMON/ GCFA, OSCP, EC Council CEH/Security Analyst/LPT or equivalent

• Expertise in Cyber Defense, SOC, cloud/server and network infrastructure security
• Experience in security operations and incident response
• Excellent analytical thinking and problem-solving skills
• Prior experience as a SOC analyst/ SOC Engineer/Cyber Security Analyst is of paramount importance, to demonstrate hands-on capabilities
• Demonstrated experience in developing and implementing security policies, procedures, monitoring and incident response plans.
• Experience with security tools such as SIEM, SOAR, UEBA & NDR, intrusion detection systems, vulnerability scanners, etc.
• Strong leadership and team management skills, with the ability to motivate and guide a diverse security team.
• In-depth knowledge of security best practices, standards, and frameworks.
• Must have excellent written, communication and verbal skills to assist with communications with clients
• Ability to lead, influence and collaborate with multiple clients, proven delivery, remediation and incident response background
• Solid background in security incident response and vulnerability management

• Lead and manage Security Operations Centre
• Must be hands on in terms of creating detection logic, monitoring alerts etc.
• Primarily responsible for security event monitoring, management and response
• Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
• Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives
• Provide input/review and development of security and compliance controls and vulnerabilities against policies, standards, and frameworks
• Conduct manual validation to confirm vulnerability closure
• Revise and develop processes to strengthen the current Security Operations Framework
• Regularly review standard operating procedures and protocols to ensure SOC continues to effectively meet operational requirements
• Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring
• Continual process improvement in infrastructure security assessments, reporting and remediation to reduce risk.
• Creation of reports, dashboards, metrics for SOC operations
• Evaluate existing technical capabilities and systems and identify opportunities for improvement
• Oversee training and exercises to ensure SOC team proficiency, conduct after action reviews to identify lessons learned and best practices
• Perform analysis to validate justifications for false positives, operational requirements, and risk adjustments
• Communicate vulnerabilities, solutions, and enterprise trends to all levels of an enterprise - both technical and non-technical resources
• Evaluate key threat intelligence feeds, assesses risk, and recommends actions for cyber security operations improvements
• Advise clients regarding patch notifications, initial risk assessment, eligible systems, and deployment requirements
• Perform assessment of internal and third-party cyber security risk

Post

• Knowledge of Software QA methodologies, tools and process.(Mobile and Web both)
• Good knowledge of Bugzilla, Jira, google docs for reporting and tracking the bugs.
• Knowledge of black box, responsive testing, regression testing, API testing, Performance testing, smoke testing
• Knowledge in network and security domain
• Knowledge of disaster recovery, computer forensic tools, technologies and methods
• Knowledge in vulnerability assessment, penetration testing of web application, mobile applications, network infrastructure
• Knowledge in Security Auditing methodologies and Security testing concepts
• Knowledge in open-source tools of vulnerability assessment and penetration testing
• Knowledge in Incident Response and Forensic Analysis, Identity and Access Management, Asset Management, Governance, Risk Compliance, Architecture and Policy
• Knowledge in secure coding practices and OWASP top 10
• Experience in UI/UX Design and development to work with multiple client (multiple stakeholders by diagnosing business and user needs).
• Create and present compelling design concepts as part of UI/UX strategy.
• Present design decisions to the stakeholders that are backed up by strong experience design principles and rationale.
• Experience designing for various devices and systems (mobile, handheld, Laptop/Desktop, display systems)

• Review requirements, specifications and technical design documents to provide timely and meaningful feedback
• Work closely with the development team to understand product architecture and functionality.
• Understand end-to-end testing requirements and maintain a test plan for functionality and system testing.
• Communicate test results to identify risks, dependencies, and escalate the same in timely manner.
• Develop and execute test cases, scripts, plans and procedures (manual and automated).
• Document test cases
• Perform and document risk analysis
• Record test progress and results
• Code automated tests
• Create test plans
• Develop standards and procedures to determine product quality and release readiness
• Discover bugs within software
• Drive innovation and streamline overall testing processes
• Identify, isolate, and track bugs throughout testing
• Identify any potential problems that users might encounter
• Perform manual and automated testing
• Research and analyze product features being tested
• Research new tools, technologies, and testing processes
• Review user interfaces for consistency and functionality
• Expected to test and prove that the software meets major architectural requirements with full understanding about the assigned project system development lifecycle experience, including designing, developing and implementing test plans, test cases and test processes fueling swift corrective actions, significant cost savings and fault-free audits
• Required to prepare cases for scalability and performance of a software
• Responsible for ensuring the quality of the system as a whole

• Identifying and analyzing user requirements
• Collaborate with internal and external teams, communicate with users/auditee teams and other technical teams
• Prioritizing, assigning and executing tasks throughout application security/infrastructure audit life cycle.
• Perform security testing for identifying vulnerabilities
• Carry out periodic penetration testing, vulnerability assessment activities and other security testing activities on networks, systems and applications, using open source and commercial tools.
• Secure Network Architecture Review, Application Security Review, VA/PT, Configuration Audit, Process Review, Source Code Review, API Review, Assessment of Forensic Readiness, Compliance Review
• Static & Dynamic Analysis of Mobile Applications by using versatile static & dynamic mobile security tools as per OWASP

Notification (CDACT/RCT/01/2024)