Senior Engineer – Information Security Compliance
Multinational telecom company.
- Work with stakeholders to prepare the asset scope for scanning information systems.
- Register the assets in the scanning tool and perform scanning as per the agreed schedule.
- Perform, review and analyze security vulnerability data to identify applicability and false positives
- Work with application owners to understand the application architecture to perform the web application scanning.
- Configure and tweak the scanning tools for web application assessments, without impacting the web application.
- Manually inspect and validate the security issues reported by the scanner and remove false positives.
- Triage of the security findings to determine the likelihood, impact, and security risk of the identified security issue
- Work with various stakeholders across the organization to ensure that information systems adhere to the standards defined in the organization's security policy.
- Perform periodic reviews of the contracted customer delivery against the ISO27001 standard.
- Test the security control effectiveness and identify gaps (if any).
- Publish reports as per the defined schedule on identified security vulnerabilities as well as the control gaps identified during security control review.
- Provide recommendations and advisory services to the information asset owner(s) and / or administrators to assist during remediation.
- Assist in the security exception handling process.
This role is part of the Security Compliance & Governance department. The primary objective is to identify security control gaps as well as known vulnerabilities and to ensure that the customer delivery unit adheres to the security compliance requirements as per the organization's security policy and applicable regulatory requirements.
- 5 to 8 years of experience in IT with a minimum of 5 years of experience in vulnerability management & web application assessments
- Good documentation, analysis skills
- Good understanding of the IT & Telecom environment.
- Flexibility and ability to work both in a team as well as individually.
- Able to perform knowledge transfer.
- Customer-oriented, service-minded.
- Excellent communication skills
Desirable technical skills:
- Understanding of system and network IT vulnerabilities
- Familiarity with system patching and secure configurations
- Experience in vulnerability assessments using automated scanners and manual security testing tools and methodologies
- Experience analyzing common types of attacks
- Knowledge of attacker tactics, techniques, and procedures
- Security certification such as CEH, OSCP, CISA, CISSP will be an advantage.
- ITIL certification is an advantage.
- TCP/IP networking including IP classes, subnets, multicast, NAT
- WINS, DNS, and DHCP, Network troubleshooting
- OS and Server technologies
- Knowledge of scripting such as Python, BASH, Perl, or PowerShell would be an added advantage.
- Good understanding of ISMS (Information Security Management System), the ISO27001 standard and prior experience of conducting IT audits.
- Should be adept at conducting gap analysis & risk assessments to identify high-risk areas and recommend controls to address the risk areas.