|VAPT Program Management||· In-depth domain understanding of the technical aspects of the VA/PT process from the perspective of a large financial organisation.
· Managing VA & Penetration testing services, including both expert consulting and managed services.
· Manage the relationship with external third-party vendors/testing partners that have been hired to perform penetration testing and standard gap analysis services for the bank's applications and infra.
· Providing security requirements for test driven design.
· Manage a large testing team of outsourced vendor resources and ensure the timely execution of the bank's VAPT calendar.
· Good knowledge of VA/PT tools.
· Risk assessment and analysis, and review of vulnerability ratings in the context of the bank's environment and controls.
· Understanding of Vulnerability Management tools
· Should have good communication and presentation skills
|Vulnerability Assessment and Penetration Testing
Compliance of the VAPT program with PCI DSS, RBI and ISO 27001 requirements.
· PCI DSS compliance from a VA & PT perspective (understanding of ASV scan requirements)
· Authenticated scans for Internal VA/PT for Infra / Security devices
· Digital products assessments
|Systems Development (Secure Code Review)||· Develop systems using a structured and approved system development methodology that ensures information security requirements are defined, documented and met to build required information security functionality into systems during development.
· Systems Development (Secure Code Review)
· Continuous testing of in-house applications for secure coding practices
· Good understanding of OWASP Top 10 / SANS 25
|Coordinate with Stakeholders for Remediation of Vulnerabilities||· The job role requires good communication and coordination skills for remediation of vulnerabilities
· Technically review the VA report and assess the impact/risk, taking into consideration the existing security framework and controls in the organisation, in order to prioritise the remediation
· End-to-end coordination with internal stakeholders until the remediation is completed.
· Ability to provide mitigation controls/POA for the identified vulnerabilities
|Metrics and Dashboard Publications||
|Knowledge of VA Tools||
|Weekends||5 Days a Week|
|Working Hours||Banking Hours|