American Express - Information Security Analyst - Penetration Testing (5-8 Yrs) Bangalore (Others) by American Express

XpatJobs (November-2017 से पंजीकृत) ने 9 दिन पहले इस नौकरी को पोस्ट किया था

Job Description : Information Security Analyst - Penetration Tester - This position, reporting to the Director of Third Security Monitoring, will be part of a team responsible for the assessment and continuous monitoring of the companys most critically sensitive third parties.
-The team is also responsible for performing in-depth technology and information security assessments of critical third parties.
-The person in this position will be responsible for assessing application security of third-party services, and providing process recommendations, and performing testing of program controls. Responsibilities also include : - Support execution of technical assessments for the companys most critical third parties - Assist with evaluation of tools / technologies to support assessment and monitoring capabilities - Perform on-going tracking and monitoring of progress Qualifications : Requirements : - Must have 5 years of experience in application/network/web/mobile penetration testing and tooling, advanced red team, or application security engineering and architecture, preferably in a large and distributed operating environment - Demonstrated expertise in Application Security, specifically web and mobile application security, configurations, vulnerability, change management - Proficient knowledge of web development, including but not limited to Ruby, advanced JavaScript libraries (React, Angular, Knockout), Node.JS, JQuery, Object-Oriented Design, Web Services (REST/SOAP) - Professional experience with any of the following: Java, .NET, AWS, Functional programming, SQL, MongoDB, CouchDB, Neo4J, Hadoop, Cassandra, DynamoDB, ElasticSearch, Solr - Expert knowledge of OWASP Top 10 and ability to articulate web security risks - Knowledge of automated DAST, SAST, and RASP tooling is preferred, including but not limited to OWASP Zed Attack Proxy, BURP Suite, Nessus, Metasploit, Postman, HP WebInspect, Qualys, or WhiteHat - Operational understanding of TCP/IP and computer networking. Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, Security Information and Event Management tools, etc is a plus - Possession of industry standard certifications such as OSCP, CEH, GWAPT, GPEN and/or other relevant penetration testing related certifications is a plus - Knowledge of SDLC, Agile, Waterfall, or Scrum - Information Security, Security Testing and/or Risk Analysis Experience - A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including: risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management - Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion - Proven excellent relationship management skills with all levels of the enterprise are required.
-Ability to effectively collaborate across teams - Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders - Ability to identify gaps between ones skillset and the needs of the team - Effectively seeking and utilizing feedback from leaders and mentors to address skill gaps - Ability to clearly present options and make compelling recommendations, using persuasion to gain agreement or pitch an idea - Involving the right people to ensure the best decisions are made in a timely manner - Ability to analyze complex information and identify the most relevant details - Being flexible and able to adjust to new needs and new technologies, and to be comfortable with ambiguity - Strong sense of personal accountability and ability to drive results - Bachelors Degree in Computer Science, Engineering or similar technical field of study, or equivalent practical

Required Skills : English