Information Security Analyst/Specialist - Penetration Testing

Responsibilities : - Design and implement secure coding practices and guidelines. - Conduct application security assessments and code reviews. - Implement and manage application security tools and technologies. - Provide guidance and training to development teams on secure coding practices. - Perform vulnerability scanning and assessments of applications and infrastructure. - Analyze vulnerability reports and prioritize remediation efforts. - Develop and implement vulnerability management processes and procedures. - Track and report on vulnerability remediation progress. - Design and implement security controls for cloud environments (GCP or AWS). - Configure and manage cloud security services and tools. - Implement and maintain cloud security best practices. - Conduct cloud security audits and assessments. - Integrate security into the CI/CD pipeline. - Implement and manage security automation tools and scripts. - Collaborate with DevOps teams to ensure security is built into the development process. - Promote a security-first culture within the organization. Penetration Testing and Application Security Testing : - Conduct penetration testing and application security testing. - Analyze test results and provide remediation recommendations. - Stay up-to-date with the latest penetration testing tools and techniques. - Participate in security incident response activities. - Conduct root cause analysis and implement corrective actions. - Document security incidents and response procedures. - Ensure compliance with relevant security standards and regulations. - Develop and maintain security policies and procedures. - Conduct security awareness training for employees. - Manage and maintain security tools, including SAST, DAST, OWSAP, Qualys, SonarQube, Nexus, WhiteHat, Checkmarx, or similar. - Evaluate and recommend new security tools and technologies. Required Skills : - Strong understanding of application security principles and best practices. - Experience with secure coding practices and code reviews. - Experience with vulnerability scanning tools and techniques. - Ability to analyze vulnerability reports and prioritize remediation efforts. - Experience with cloud security (GCP or AWS preferred). - Understanding of cloud security best practices and services. - Experience with integrating security into the CI/CD pipeline. - Understanding of DevSecOps principles and practices. - Penetration Testing and Application Security Testing: - Experience with penetration testing and application security testing. - Knowledge of common attack vectors and mitigation techniques. - Experience with security tools such as SAST, DAST, OWSAP, Qualys, SonarQube, Nexus, WhiteHat, Checkmarx, or similar. Preferred Skills : - Relevant security certifications (CISSP, CISM, CEH, OSCP). - Experience with security automation and orchestration tools. - Knowledge of security frameworks and standards (NIST, ISO 27001). - Experience with security information and event management (SIEM) systems. Qualifications : - Bachelor's or Master's degree in Computer Science, Information Technology, or a related field. - 7-12 years of experience in cybersecurity. - Proven experience in application security, vulnerability management, and cloud security. - Strong understanding of security principles and practices. (ref:hirist.tech)

Location: pune, IN

Posted Date: 4/19/2025