This role is for one of Weekday’s clients
Salary range: Rs 2000000 - Rs 2800000 (i.e. INR 20-28 LPA)
Min Experience: 6 years
Location: Mumbai
Job Type: full-time
Requirements
About the role
- A minimum of 6-8 years of experience in IT Services and Security Management, including 5 years of relevant experience in information/cyber security risk assessment or management, or security risk advisory consulting
- Minimum 4 years of experience in web application/API/mobile application development
- In-depth understanding of OWASP & CWE application/API/mobile security vulnerabilities
- Hands-on experience in implementing application security controls as per NIST, OWASP.
- Perform threat modelling of applications, considering internal and external risk factors.
- Strong grasp of API and microservices security
- Ability to identify risks and threats based on the overall environment and platform of the application.
- Detailed understanding of web, app, middleware, and database security.
- Excellent oral and written communication skills, preferably with customer or stakeholder interaction exposure.
- Must be able to articulate risk observations in detail and in simple, understandable language
- Perform application and mobile security risk assessments as per best industry standards (NIST, ISO)
- Develop threat models as per application applicability and business environment.
- Share knowledge with other team members and provide inputs to produce quality risk reports.
- Ensure the risk tracker is kept updated for assessments performed.
- Should be able to analyze risk for changes made to the application and recommend best practices.
- Communicate effectively with project managers, app owners and stakeholders.
- Advise management of critical issues that may affect the risk posture of the application.
- Generate innovative ideas for achieving the objectives.
- Demonstrate the ability to quickly upgrade knowledge of the latest platform-level security, such as Kubernetes, OpenShift, and microservices architecture security best practices.
- Preferred certifications: CRISC/CISSP/OSCP/CSSLP