Job Description

Designation

Location: India Maharashtra Thane \- GCorp

Organization: Financial Services

*Job Description:**
-------------------

*Key Result Areas**

Supporting Actions

*Application Security Governance**

Ensure Security test is conducted as per the scope agreed in timely fashion and deploy compensatory controls for all open risk from zero day of identification and closure of all vulnerabilities as per agreed timeline

*VAPT and Security Config Audit of Network Devices, DMZ Assets, MZ Assets**

Vulnerability Assessment (Automated), Security Config Audit and Penetration Testing (Manually) of all the systems Governance\- Assistance in vulnerabilities closure to respective technical SPOCs.

*Implementation of ASLC and DevSecOps Framework for ABCD and Application Security\- Advisory**

Governance of ASLC, DevSecOps at ABCD level. Conducting Seminars/Workshops/Training session on Application Security. Design and deploy framework to measure the effectiveness of these trainings. 100 % ASLC Documentation for all new \& old Apps of ABCD. Monthly Reporting on the same to the CISO

*Web Application Firewall\- Technical Advisories and Governance**

WAF evaluation, fine tuning of Web Apps, Technical governance at ABC level. On boarding 100 % current Internet facing applications of ABC and 100 % new Internet facing applications of ABC from Day 1\. Configure it on preventive mode within 2 weeks and monitor the logs and action the same.

*Red Teaming Activity\- Red Teaming activity (Blackbox) across all businesses of ABC**

Red Team Assessments focus on giving your security team practical experience combating real cyber attacks. While avoiding business damaging tactics, these assessments use conventional and advanced attacker TTPs to target agreed\-upon objectives.

The objectives are to compromise the Organization’s email boxes, critical information/data and the ultimate goal is to compromise the Active Directory which is considered as a critical component of any organization which stores data, ID and email, mailbox, login related information, etc.

An Attacker/Hacker who gets success in compromising the Active Directory can further breach into the entire Network and Infrastructure of the Organization.

To Conduct 4 Blackbox Red Team Assessments in a year and ensure closure of the same within 2 weeks or process risk sign off by the businesses.

*Evaluation of Security Products (EDRs, WAFs, etc)**

To conduct the POCs for Security products by Attacking applications/devices/products on real time basis by adapting Red Teaming approach. Submission of POC results/reports to the Group CISO. This shall help ABC in good decision\-making of buying the **precise** Security product.

*Conducting AD Security Assessment for ABC**

To conduct the AD Security Assessment across ABC once in a year. Submission of POC results/reports to the Group CISO, work closely with stakeholders on the closure of findings. Validate the same to provide the signoff...