Sr. Manager – VA & PT Domain

Full Time
Mumbai
Posted 3 years ago

Job Description

VAPT Program Management
  • In-depth domain understanding of the technical aspects of the VA/PT process from a large financial organisation's perspective.
  • Managing VA and penetration testing services, including both expert consulting and managed services.
  • Manage the relationship with the external third-party vendor / testing partner hired to perform penetration testing and standard gap analysis services for the bank's applications and infrastructure.
  • Providing security requirements for test-driven design.
  • Manage a large testing team of outsourced vendor resources and ensure the timely execution of the bank's VAPT calendar.
  • Good knowledge of VA/PT tools.
  • Risk assessment and analysis, and review of vulnerability ratings in the context of the bank's environment and controls.
  • Understanding of vulnerability management tools.
  • Should have good communication and presentation skills.

Policy Management
  • The VAPT policy / process needs to be periodically reviewed and updated based on the prevailing threat vectors, with the concurrence of the concerned stakeholders.
Vulnerability Assessment and Penetration Testing & Compliance of VAPT Program to PCI DSS, RBI and ISO 27001 Requirements

  • Ensure that the Vulnerability Assessment and Penetration Testing program is managed and executed as per the VAPT calendar.
  • PCI DSS compliance from a VA and PT perspective (understanding of ASV scan requirements).
  • Authenticated scans for internal VA/PT of infrastructure / security devices.
  • IT infrastructure VA/PT.
  • Digital products assessments.
  • Manage application security:
    • Periodic scanning of all applications
    • Improve testing of application changes
  • Card-not-present merchant onboarding testing.
  • Risk assessment and analysis, and review of vulnerability ratings in the context of the bank's environment and controls.
  • Firewall rule audits.
Systems Development (Secure Code Review)
  • Develop systems using a structured and approved system development methodology that ensures information security requirements are defined, documented and met, so that the required information security functionality is built into systems during development.
  • Continuous testing of in-house applications for secure coding practices.
  • Good understanding of OWASP Top 10 / SANS 25.

Coordinate with Stakeholders for Remediation of Vulnerabilities
  • The job role requires good communication and coordination skills for remediation of vulnerabilities.
  • Technically review the VA report and assess the impact / risk, taking into consideration the existing security framework and controls in the organisation, to prioritize the remediation.
  • End-to-end coordination with internal stakeholders until the remediation is completed.
  • Ability to provide the mitigation controls / POA for the identified vulnerabilities.

Metrics and Dashboard Publications
  • Producing metrics reporting the state of application security programs and the performance of development teams against requirements.
  • Release a senior management dashboard on a periodic basis.
Knowledge of VA Tools
  • Knowledge of current VA tools
  • For example: Qualys, nmap, Burp and other VA tools
  • Checkmarx tool
  • Algosec audit tool
  • Understanding of vulnerability management tools

Job Features

Job Category: Bank
Weekends: 5 Days a Week
Working Hours: Banking Hours
