Greetings from Netsach - A Cyber Security Company.

We are looking for Mobile Application Security with 3 yrs of relevant experience and mandatory skills set are Web and Mobile Application Security, Security Code review, API security, Platform security, IAST, SAST, DAST.

Job Title: Mobile Application Security/ Pentester

Exp: 3+ - 5yrs

Job Location: Bangalore

Job Type: Full-time

Interested candidates please share your resume at emily@netsach.co.in and netsachglobal.com

Job Description

1. Job Overview

The primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles/patterns/controls into all products and platforms. Conduct security assessments, gap analysis, provide remediation to the relevant squads / stakeholders.

2. Job Purpose 

Primary/General Job Purpose:

• Encourage ‘Shift Left’ Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle

• Implement via Influence - Influence stakeholders such as Product Owners, Solution Architects, Developers, Testers, Engineers & others to include security patterns into features, epics and stories in order to build secure, innovative & superior digital products for customers and employees

• Assessments – Perform security assessment and perform gap analysis to provide appropriate remediations to the teams for implementing the fixes.

Key Skills – Web and Mobile Application Security, Security Code review, API security, Platform security, IAST, SAST, DAST,

• Tools and Technologies – Expertise Burp Suite, MobSF, Frida, Kali Linux, Nessus, Checkmarx SAST, Kubernetes, Docker, Jenkins, GitHub, OpenShift and good knowledge about microservice architecture and pipeline driven security.

Experience with following Components:

3. Technical Requirements

Application Security Assessment Skillset

1. Mobile App testing (Android & iOS)
2. Web Application Security
3. Security Code Review
4. Container Review
5. Infrastructure Review
6. WAF rules review

Soft Skills:

• Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective
• Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement “good architecture principles” to lower technical debt
• Assertive personality; should be able to hold her/his own in a project board or work group setting
• Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner
• Ability to work under pressure and meet tough/challenging deadlines
• Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not
• Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint
• Has strong decision making, planning and time management skills.
• Can work independently.
• Has a positive and constructive attitude.

4. Person Specifications (required to carry out the job, not what the current or recommended incumbent possesses)

Specifications

Description of Knowledge / Skill etc.

Desirable or Essential

1. Education

• General
• Professional

Bachelor’s degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar

• General Information Security: CISSP, OSCP, CEH, CISM/CISA or similar

Essential

Desirable

• General Cloud Security: CCSK /CCSP or similar
• Specific Cloud Security: AWS/Azure/GCP/Oracle Solution/Security or similar
• Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist

Must have minimum 4 years of experience in an information

Essential

B. Experiences

security function with good background in information

(Years & Type)

technology, stakeholder management and people

• Industry

management

• Regional

• Functional

Minimum 3 years of experience, as a Security Engineer

Essential

especially in Cloud Native environments

Deep foundational knowledge of Mobile Applications, Intensive skills on SSL pinning bypass, root / jailbreak bypass, core Mobile application exploitation Skillset

Essential

Expert at the technology and frameworks in his/her area of expertise, and coach other architect on development standards and best practices.

Desirable

Good understanding of Microservice based architecture (Technical)

Desirable

Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection/detection & API /Micro services Security

Desirable

Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical)

Essential

1. Knowledge & Skills

• Technical
• Functional
• Managerial

The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise

The Analyst / Engineer can understand and interpret potential issues found in source or compiled code

Desirable Desirable

The Analyst / Engineer has automation skills/capability in the form of scripting or similar

Desirable

The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures

Desirable

Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and/or during agile ceremonies, via Evil Stories

Desirable

The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance

Desirable

The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams.

Desirable

The Analyst / Engineer can interpret and understand

Desirable

Thank You

Emily Jha

emily@netsach.co.in

Netsach - A Cyber Security Company

www.netsachglobal.com

+91 8050023824