Skills:
Cybersecurity, Risk Management, Network Security, Security Compliance, Security Architecture, IBM QRadar, OWASP, Web Application Firewalls
Job Profile: IT Security Consultant
DEPARTMENT: Information Technology
Experience: 3 years and above
Location: Gurugram, Haryana
Job Type: Full-time/ Permanent
Requirements
- Minimum 4 years of IT experience, with at least 5 years in information security, including 2 years in a supervisory role.
- Familiarity with OWASP and ASVS rules is mandatory.
- Prior experience with configuring Web Application Firewalls and handling attacks that can be mitigated by WAF is a must.
- Excellent interpersonal and communication skills.
- Proficiency in English, with an international mindset for multicultural environments.
Responsibilities
- Develop and manage security strategies.
- Conduct information security audits and manage security stacks (e.g., CrowdStrike NGAV and EDR, Akamai WAF).
- Perform penetration testing and vulnerability assessments in accordance with OWASP and ASVS rules, with the knowledge to manage and work on other VAPT requirements.
- Implement technological upgrades and improvements to the security environment.
- Provide security awareness training and onboarding for personnel.
- Assess technology architecture for vulnerabilities and weaknesses.
- Communicate security goals and new programs effectively with department managers.
- Ensure compliance with security management frameworks and data privacy regulations.
- Develop and maintain policies, procedures, standards, and guidelines.
- Act as a focal point for the security team and third-party vendors.
- Lead and guide information security team members and IT operations personnel.
Preferred
- Certifications like CISSP, CISA, CISM, ISO 27001 Lead Auditor/Implementor.
- Hands-on experience with Wireshark, Burp Suite, custom tools written in Python, or similar tools for penetration testing.
- Good experience with any one WAF tool; experience with Akamai-based WAF is a great addition.
- Strong experience in security incident management beyond SIM tools, emphasizing proactive security measures over reactive ticketing.