Educational requirements: Bachelor
English requirements: Competent English
Required skilled employment experience: 3-5 years
Required residence status: Temporary visa, Permanent resident, Citizen
Remote work: not accepted
ROLE
Experience in setting up and executing VAPT using open and commercial tools.
Experience in setting up and executing DAST using open and commercial tools.
Should possess a combination of strong technical knowledge across multiple information security domains and a solid development background.
Knowledge and experience of application security frameworks, for example OWASP (Open Web Application Security Project).
Understanding of ethical hacking and the methodologies involved.
Large technical skillset allowing for the testing of web applications and cloud platforms.
Hands-on experience in threat modelling, SAST, DAST and web application security, including OWASP 10 and SANS 25.
Monitors, analyzes, and remediates cybersecurity events by adhering to defined operating procedures; works problem tickets, escalates and creates cases as needed.
Ability to recommend, assess and evaluate new security technologies.
Security incident management experience.
Experience of info/cyber security continued professional development and awareness.
Experience in project management and technical delivery.
To perform VAPT (vulnerability assessment and penetration testing).
To perform DAST (dynamic application security testing).
To perform web application security.
Provides consultation and guidance to users, aligning to best practices while supporting customer needs.
Builds strong relationships with business partners and sister teams across the Information Security organization while promoting diversity and inclusion amongst the team.
You should have strong problem-solving skills, excellent communication skills, a deep technical understanding of modern cybersecurity threats, and a validated track record of a hands-on approach to maturing defense capabilities in highly targeted environments at scale.
Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers using appropriate language, examples, and tone.
Strong technical knowledge and experience required in areas of vulnerability assessment, risk-based threat analysis and vulnerability mitigation.
A minimum of 3 to 5 years of Information Systems security or related data processing auditing experience.
Any of the following certifications: Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), CEH, Security certification.
Familiarity with regulatory compliance and industry standards.
Proficient in programming with at least one modern language such as Python, PowerShell, shell scripting, Java, Rust, Go.
Developed and implemented DevOps practices.
Configure security tools for static security code analysis and third-party and vulnerability analysis.
Preferred Qualifications
Proficiency in two or more of the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security, DAST, SAST.
Proficiency in two or more of the following pillars: Phishing, DLP, Compliance, Networking, Forensics, Big Data, Threat Intel, Operating Systems, Reverse Engineering.
Contributes back to the cybersecurity community through teaching or through code.
Certified Azure or AWS.