Address: Bhopal, Madhya Pradesh
Salary: Rs 1 - 2 Lakh
Category: IT

Job description

Description

Position Name: Security Test Manager

Department: Madhya Pradesh State Electronics Development Corporation

Job Type: Fixed Term up to 2 years. Extendable on the basis of performance

 

Job Objective:

1. The Security Test Manager will oversee a team of auditors and ensure their compliance with corporate and government standards, especially as per the CERT-IN norms.

2. The incumbent shall assign staff, supervise planning, oversee specific audits, and review all work papers, ensuring audits are performed with best industry practices and within the time & budget allotted.

3. The incumbent shall point out system flaws and promote efficient practices by recommending improvements in processing capability, user interface, and security designs.  

 

Job Role Pointers:

1. The Security Test Manager will oversee a team of auditors and ensure their compliance with corporate and government standards, especially as per the CERT-IN norms.

2. The incumbent shall assign staff, supervise planning, oversee specific audits, and review all work papers, ensuring audits are performed with best industry practices and within the time & budget allotted.

3. The incumbent shall point out system flaws and promote efficient practices by recommending improvements in processing capability, user interface, and security designs.

4. The incumbent shall review and finalize the audit plans, test cases, and test scenarios to perform the security audit.

5. The incumbent will be responsible overall for VAPT (Vulnerability Assessment & Penetration Testing), finalization of audit reports, and coordination with CERT-IN for filing the quarterly/yearly reports.

 

Essential Criteria:

 

Education Details:

B.E / B.Tech (in any stream)

OR

Post-Graduation in (CS/IT) or equivalent.

 

Certification Details:

Must have any one of the following certifications:

1. Certified Information Systems Security Professional (CISSP).

2. Certified Information Security Manager (CISM) of ISACA.

3. Certified Information Systems Auditor (CISA) of ISACA.

4. Diploma in Information Systems Audit (ISA or DISA) of ICAI.

5. Certified Ethical Hacker (CEH) by EC Council.

6. Any other formal IT Security related certifications like Offensive Security, GSSP, CSSLP, ECSP, CCIE-Security, JNCIE-Security, ISMS LA, GIAC, CompTIA Security+, Industry prevalent GRC certifications etc. from recognized institutes.

 

Work Experience:

8+ years of relevant experience in IT Network and Infrastructure security implementation and operations, of which 2 years should be in a managerial role.

 

Preferable:

1. Should have overseen at least eight IT Security Audits, preferably five of which should be in the last 12 months in line with the CERT-IN norms.

2. 5 years of relevant experience in security operations setup as an Information Security / Infrastructure Security / Application Security / Network Security / Cyber Security Engineer / Consultant / Manager.

3. Exposure to security standards like ISO 27001, PCI-DSS etc.

4. Exposure to cyber security frameworks like OWASP, SANS, NIST etc.

 

Desirable Skills and Experience:

1. Should have experience with IT security operations (SOC) and NOC (Network Operations).

2. Should have experience in IT infrastructure & Web Application security.

3. Experience and knowledge of Web Application Security, mobile application security, OWASP/SANS etc.

4. Should have experience in Vulnerability identification, management and prioritization.

5. Experience in analysing and identifying vulnerabilities manually.

6. Experience in application and network penetration testing.

7. Experience in Vulnerability scanning - Network and Application scans, Vulnerability Assessment, Management & Security Auditing.

8. Experience in using tools such as Nessus, Acunetix, AppScan etc.

9. Experience in using Burp Suite, scripts, Kali Linux, Metasploit and other such static analysis tools.

10. Experience in developing the hardening guidelines with inputs on improving and maintaining baseline standards.

11. Should have the ability to stay organized, and possess excellent communication skills.

12. Vulnerability & Risk assessment and management.

13. Network and Infrastructure Security assessment and management.

14. Server, Desktop and Endpoint Security planning, implementation and hardening.

15. Security Incident management. Exposure to SIEM.

Refer code: 904693. Bhopal - The previous day - 2024-02-01 12:43
