Unilever Sr. Executive - Info Security Config in Bangalore, India

Sr. Executive - Info Security Config

Description

MAIN JOB PURPOSE:

As a Vulnerability & Penetration Testing Lead, you will lead the Threat and Vulnerability Management (TVM) team, which provides state-of-the-art automated infrastructure and web application security scanning services globally across Unilever.

You will plan, implement, and run automated infrastructure and web vulnerability scanning solutions.

You will manage a team that plans scanning schedules, analyzes vulnerability reports to verify false positives and false negatives, and finds workarounds and automation for our vulnerability scanning processes.

You will also work with multiple stakeholders and remediation teams to drive remediation efforts across different estates (both infrastructure and web) and to run this as a continuous process.

You will be responsible for conducting deep-dive Penetration Testing (Red Team) exercises on all Unilever critical assets globally.

You will create and manage an annual assessment calendar and ensure adherence to it.

JOB SUMMARY (JOB DESCRIPTION)

  • Lead the team in analyzing Qualys vulnerability scan reports and Qualys web application security scanner reports, and validate false positives and false negatives

  • Create exploits and proofs-of-concept for infrastructure and web application vulnerabilities (to prove they are true positives)

  • Analyze and suggest workarounds for issues

  • Provide expert advice to customers and the support team on optimal configuration for the best scan results

  • Work with the operations, support and engineering teams to debug field issues

  • Lead a Red Team in performing Penetration Testing on perimeter devices/servers, critical on-prem applications, and cloud-based solutions/applications.

  • Plan and carry out activities based on an annual PT calendar. This involves planning and conducting over 75 Penetration Testing exercises annually.

  • Assess and recommend controls based on industry standard frameworks including National Institute of Standards and Technology (NIST), Open Web Application Security Project (OWASP), ISO 27001:2013, Control Objectives for Information and Related Technology (COBIT), Information Technology Infrastructure Library (ITIL), etc.

  • Stay abreast of the latest technology solutions and evaluate options to upgrade the technology solutions currently in use.

  • Attend conferences and keep up to date with industry best practices. Recommend security enhancements to current implementations that improve security along with usability.

KEY REQUIREMENTS (EDUCATION, WORK EXPERIENCE & SKILLS)

  • Graduate in IT / Computer Science with 4 years of experience in infrastructure and web application security assessments, especially with DAST/black-box tools, and experience conducting Red Team Penetration Testing initiatives.

  • Hands-on experience with infrastructure and web application security scanning tools such as Qualys, Rapid7, Burp/ZAP, SQLMap, curl/wget, and HTTP proxies

  • Strong analytical and problem-solving skills

  • Understanding of Selenium scripts

  • Understanding of HTML/DOM, XML, CSS, JavaScript and JavaScript frameworks/techniques such as jQuery and Ajax

  • Passion for web security

  • Highly skilled in conducting manual infrastructure and application Penetration Testing.

  • Knowledge of various open source security tools such as proxies/interceptors, fuzzers, etc.

  • Expertise in web technologies (Java/J2EE/ Struts/ .Net)

  • Knowledge of attack vectors from OWASP and WASC, and of their mitigation.

  • Good knowledge of security infrastructure components such as PKI, RMS, Active Directory, ADFS, Azure ACS, Amazon Web Services etc.

  • Excellent understanding of mobile device security, operating systems and their architecture, security testing practices, and compliance and governance frameworks such as PCI, HIPAA, GLBA, and NIST vulnerability assessments.

  • Highly skilled in conducting manual security assessments of native mobile applications built on the Android and iOS platforms, per the OWASP Mobile Top 10.

  • Experience in Android Java and Objective-C is a plus

  • Strong attention to detail

  • Strong communication and teamwork skills

  • Ability to work independently as a self-learner

Good to have

  • In-depth knowledge of the HTTP protocol (requests, responses, cookies, etc.)

  • Understanding of web application vulnerabilities and the OWASP Top 10

  • Good understanding of regular expressions

  • Database/SQL knowledge

  • Working knowledge of different flavors of Windows and Linux

  • At least one security certification: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), or Certified Information Systems Security Professional (CISSP).

  • Ability to develop knowledge objects, tools and intellectual capital to support the internal engagement assignments.

  • Excellent interpersonal skills (listening and communication), characterized by effective interactions with a diverse range of internal and external constituents, stakeholders and audiences.

  • Strong influencing and conflict resolution skills, especially with senior management.

Job: Information Technology

Primary Location: India-Karnataka-Bangalore-ETSC - Bangalore

Schedule: Full-time

Shift: Day Job

Unposting Date: Jul-27-2017

Req ID: 170009Z6