Unilever Sr. Executive - Info Security Config in Bangalore, India
Sr. Executive - Info Security Config
MAIN JOB PURPOSE:
As a Vulnerability & Penetration Testing Lead, you will lead the Threat and Vulnerability Management (TVM) team, which provides state-of-the-art automated infrastructure and web application security scanning services globally across Unilever.
You will plan, implement and run automated infrastructure/web vulnerability scanning solutions.
You will manage a team that plans scanning schedules, analyzes vulnerability reports to verify false positives and false negatives, and finds workarounds and automation opportunities for our vulnerability scanning processes.
You will also work with multiple stakeholders and remediation teams to drive remediation efforts across the different estates (both infrastructure and web) and run this as a continuous process.
You will be responsible for conducting deep-dive penetration testing (red team) exercises on all Unilever critical assets globally.
You will create and manage an annual assessment calendar and ensure adherence to it.
JOB SUMMARY (JOB DESCRIPTION)
Lead the team in analyzing Qualys vulnerability scan reports and Qualys web application security scanner reports, validating false positives and false negatives
Create exploits and proofs of concept for infrastructure and web application vulnerabilities to confirm they are true positives
Analyze and suggest workarounds for issues
Provide expert advice to customers/support team on optimal configuration for best scan results
Work with operations, support and engineering team to debug field issues
Lead a red team in performing penetration testing on perimeter devices/servers, critical on-prem applications, and cloud-based solutions/applications.
Plan and carry out activities based on an annual penetration testing calendar. This involves planning and conducting over 75 penetration testing exercises annually.
Assess and recommend controls based on industry standard frameworks including National Institute of Standards and Technology (NIST), Open Web Application Security Project (OWASP), ISO 27001:2013, Control Objectives for Information and Related Technology (COBIT), Information Technology Infrastructure Library (ITIL), etc.
Stay abreast of the latest technology solutions and evaluate options to upgrade the technology solutions currently in use.
Attend conferences; keep up to date with the industry best practices. Recommend security enhancements to current implementations to improve security along with usability.
KEY REQUIREMENTS (EDUCATION, WORK EXPERIENCE & SKILLS)
Graduate in IT / Computer Science with 4 years of experience in infrastructure and web application security assessments, especially with DAST/black-box tools, and experience conducting red team penetration testing initiatives.
Hands-on experience with infrastructure and web application security scanning tools such as Qualys, Rapid7, Burp/ZAP, SQLMap, curl/wget and HTTP proxies
Strong analytical and problem solving skills
Understanding of Selenium scripts
Passion for web security
Highly skilled in conducting manual infrastructure/application penetration testing.
Knowledge of various open source security tools such as proxies/interceptors, fuzzers, etc.
Expertise in web technologies (Java/J2EE/Struts/.NET)
Knowledge of attack vectors from OWASP, WASC and mitigation of the same.
Good knowledge of security infrastructure components such as PKI, RMS, Active Directory, ADFS, Azure ACS, Amazon Web Services etc.
Excellent understanding of mobile device security, operating systems and their architecture, security testing practices, and compliance and governance frameworks such as PCI, HIPAA, GLBA and NIST vulnerability assessments.
Should be highly skilled in conducting manual security assessments of native mobile applications built on the Android and iOS platforms per the OWASP Mobile Top 10.
Experience with Android (Java) and iOS (Objective-C) development is a plus
Strong attention to detail
Strong communication and team-work skills
Ability to work independently as a self-learner
Good to have
In-depth knowledge of the HTTP protocol (requests, responses, cookies, etc.)
Understanding of web application vulnerabilities and the OWASP Top 10
Good understanding of regular expressions
Working knowledge of different flavors of Windows and Linux
Security certifications (at least one): Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) or Certified Information Systems Security Professional (CISSP).
Ability to develop knowledge objects, tools and intellectual capital to support the internal engagement assignments.
Excellent interpersonal skills (listening and communication) characterized by effective interactions with a diverse range of internal and external constituents, stakeholders and audiences.
Strong influencing and conflict resolution skills especially with senior management.
Job: Information Technology
Primary Location: India-Karnataka-Bangalore-ETSC - Bangalore
Shift: Day Job
Unposting Date: Jul-27-2017
Req ID: 170009Z6