Assignment Details
Our client, A leading energy solutions provider, is looking to engage a Consultant - Senior Security Analyst to Perform Vulnerability assessments and remediation for web, mobile (Both Android & iOS), IoT firmware and thick client testing domains. (Recommended to have expertise in more than 1 domain).
Monitor and research on security threats and vulnerabilities, manage security controls, logs and risk mitigation strategies and implement security policies based on regulatory standards and framework. Should have understanding of regulatory standards and IoT framework (IEC 62443, ISO 27001, NIST, CIS benchmark etc.) Knowledge of TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred.
Hands on experience on Azure Security Tools like Microsoft Defender for Cloud, Azure monitor, Azure Key Vault, WAF etc. and other pen testing tools like burp suite pro, ZAP, MoBSF, Ghidra, Binwalk etc. Manage the implementation of diverse SOC and SIEM Tools, OSINT and platforms such as cloud, dockers/container infra etc.
Tasks and Responsibilities:
- Develop and implement incident response plan.
- Continuously monitor and analyze security alerts from various sources.
- Do research and perform forensics on incidents.
- Develop and enforce security policies and procedures.
- Draft reports based on tests performed and provide remediation based on security best practices.
- Conduct regular security audits to assess effectiveness of security controls.
- Identify and analyze complex security vulnerabilities and threats through social engineering attacks and manual testing.
- Assess network architecture, configurations for security vulnerabilities.
- Contribute to the development of innovative security testing methodologies and Tools.
- Write technical and executive reports and aware stakeholders of security events.
- Ability to perform malware analysis.
- Automate common testing techniques to improve efficiency.
- Communicate findings to both technical staff and executive leadership.
- Validate security improvements with additional testing.
Skills Required
Skills:
- OWASP Top 10, SANS 25, MITRE CWE, CVE, secure code review.
- Threat intelligence and forensics
- Proficient in coding in one or more Programming languages, especially for scripting (Python, BASH, JavaScript, Ruby, Perl)
- Hands on performing vulnerability assessment through tools like Azure Defender, WAF, Burp Suite Pro, ZAP, MoBSF, Ghidra, Binwalk, Nessus etc.
- OWASP, SANS and IoT/OT security Testing Methodologies and some hands on pen testing.
- Basic reverse engineering skills (Familiarity with IDA Free, Ghidra, etc.) Basics of ARM exploitation.
- Cryptography and certificate management practices
- Experience working in public cloud environment (Azure, GCP etc.)
- Familiarity working with Linux, Windows, and MacOS environments.
- Strong understanding of infrastructure/cloud architecture. This will include using security Tools, manual testing etc.
- Technical writing and documentation
- Strong communication skill
Share
3 month(s)
8+ years 
On-Site
