Sr. Manager – VA & PT Domain

Full Time
Posted 3 years ago

Job Description

Area Description
VAPT Program Management
  • In-depth domain understanding of the technical aspects of the VA/PT process from a large financial organisation's perspective.
  • Managing VA and penetration testing services, including both expert consulting and managed services.
  • Manage the relationship with the external 3rd party vendor/testing partner that has been hired to perform penetration testing and standard gap analysis services for the bank's applications and infrastructure.
  • Providing security requirements for test-driven design.
  • Manage a large testing team of outsourced vendor resources and ensure the timely execution of the bank's VAPT calendar.
  • Good knowledge of VA/PT tools.
  • Risk assessment and analysis, and review of vulnerability ratings in the context of the bank's environment and controls.
  • Understanding of vulnerability management tools.
  • Should have good communication and presentation skills.

Policy Management
  • The VAPT policy/process needs to be periodically reviewed and updated on the basis of the prevailing threat vectors, with the concurrence of the concerned stakeholders.
Vulnerability Assessment and Penetration Testing
  • Compliance of the VAPT program with PCI DSS, RBI and ISO 27001 requirements.
  • Ensure that the Vulnerability Assessment and Penetration Testing program is managed and executed as per the VAPT calendar.
  • PCI DSS compliance from a VA and PT perspective (understanding of ASV scan requirements).
  • Authenticated scans for internal VA/PT of infrastructure and security devices.
  • IT infrastructure VA/PT.
  • Digital product assessments.
  • Manage application security:
    • Periodic scanning of all applications
    • Improve testing of application changes
  • Card-not-present merchant onboarding testing.
  • Risk assessment and analysis, and review of vulnerability ratings in the context of the bank's environment and controls.
  • Firewall rule audits.
Systems Development (Secure Code Review)
  • Develop systems using a structured and approved system development methodology that ensures information security requirements are defined, documented and met, so that the required information security functionality is built into systems during development.
  • Systems development (secure code review).
  • Continuous testing of in-house applications for secure coding practices.
  • Good understanding of OWASP Top 10 / SANS 25.

Coordinate with Stakeholders for Remediation of Vulnerabilities
  • The job role requires good communication and coordination skills for remediation of vulnerabilities.
  • Technically review the VA report and assess the impact/risk, taking into consideration the existing security framework and controls in the organisation, in order to prioritize the remediation.
  • End-to-end coordination with internal stakeholders until the remediation is completed.
  • Ability to provide the mitigation controls/POA for the identified vulnerabilities.

Metrics and Dashboard Publications
  • Producing metrics that report the state of application security programs and the performance of development teams against requirements.
  • Release a senior management dashboard on a periodic basis.
Knowledge of VA Tools
  • Knowledge of current VA tools
  • For example: Qualys, nmap, Burp and other VA tools
  • Checkmarx tool
  • Algosec audit tool
  • Understanding of vulnerability management tools

Job Features

Job Category: Bank
Weekends: 5 Days a Week
Working Hours: Banking Hours
