Job Description

Position Details- Position: VAPT Lead Experience: 8-12 years Job Location: Powai, Mumbai - WORK FROM OFFICE Number of Position 1 Description: We are looking for VAPT LEAD who will be responsible for running automated and manual security scans which include but not limited to SAST, DAST, IAST, Mobile, Web, API and ad-hoc pen-testing. The candidate will play a key role of integrating Security element in DevSecOps The role entails taking responsibility of analysing security vulnerabilities and capability to provide mitigation solutions to fix issues, providing guidance to application teams, and coordinating with cross functional teams across the platform. Responsibilities: Hands-on experience creating and implementing DevSecOps pipeline using CICD automation tools like Jenkins, Automated scanning tools, BurpSuite, and open source tools. Implement Application Cyber Security Controls/Policies developed by IT Security Team. Ability to demo security vulnerability to application teams. Drive application security issues to a resolution. Provide a clear guidance to application teams during vulnerability mitigation effort Conduct application security assessment on periodic intervals and for every release Collect and report status on application security assessments including milestones, deliverables, timing, tasks, risk areas, and status to Head of IT Security Categorize and recommend assessment strategies for existing and new application development Coach development and vendor teams on application security Develop user training material on secure coding and conduct training sessions Coordinate and execute IT security projects Integrate the Application and DevOps processes and CI/CD pipelines from early stages of the development lifecycle. Evaluating and on-boarding security tools such as SAST, vulnerability and open source scanning into the Security DevOps life cycle for multiple tech stacks. Contributing features to internally developed Cyber security tools, and integrate those tools into the Security DevOps pipelines. Driving continuous improvement for Security DevOps pipelines and processes, and to the Cyber security tools, services, and processes. Engage in security research in keeping abreast of the latest security issues for Cloud enabled enterprises Research best practices for a variety of technologies and document / advice on solutions for security for multiple teams Develop, improve and monitor system compliance with the IT framework for controls and levels of access Collaborate with internal teams to manage and mitigate security vulnerabilities and risks Collaborate with software engineering and digital team to deliver integrated security solutions, and improve developer security practices Collaborate on Red Team penetration testing of IT systems Essential Qualification: Tenable/Qualys tool experience is mandatory. Experience with Dockers, Kubernetes, Terraform Good to have Appsec, API Testing, Infra Cloud Security testing experience. Must have experience with a modern version control system such as: Git, Github, GitLab. CISSP, OSCP or other security certifications desired. Experience with infrastructure as code and technologies behind it (Terraform preferred) Must have 4+ years of progressive experience in computing and information security. Capable of analysing data from various data sources and generating reports, charts and graphs. • Proven experience with at least one of the following technologies: MySQL, Postgres, FireBase, Google Cloud Storage and willing to learn and fill in any gaps. Working knowledge of agile methodology, techniques, and frameworks, such as Scrum or Kanban Excellent people and project management skills. Strong communication and presentation skills. Strong analytical and problem-solving skills.