Application Security group is responsible for ensuring that Fidelity applications are designed, developed and deployed securely. The role will involve working closely with development groups to ensure secure design, development and implementation of services and components. As Technical Specialist, person would be responsible to understand complex technical and architectural issues from security perspective and the ability to understand the implications associated with the chosen technical strategy
* Conduct Vulnerability Assessments of Network and Security Devices using various open source and commercial tools
* Map out a network, discover ports and services running on the different exposed network and security devices
* Analyze scan reports and suggest remediation / mitigation plan
* Keep track of new vulnerabilities on various network and security devices for different vendors
* Review software posture and work with operations to plan code version upgrade requirements of supported security and network devices
* Advanced technical analysis on intrusions
* Audit configuration of Network and Security devices
* Providing rich client specific reports
* 1-2 years’ experience in Cybersecurity
* Knowledge on VA tool such as Tenable
* Should be able scan devices using VA tool
* Should be able to prepare report based on VA tool
* Should be able to explain the report to client based on the findings
* Should have knowledge on Web Penetration & Network Penetration testing. Should have a skill to conduct Gray box & black box testing
* Should worked on various PT tools such as Burp Suite, Acunetix, etc.
* Should be able do SCD scanning for Windows & Linux
* Should have good knowledge on OS such as Windows, Linux
* Experience on network vulnerability scanning penetration testing
* Experience with Nessus NetCat, NMAP Backtrack, Metasploit, , HPing, and similar tools set like RetinaCS, Qualys, McAfee (Foundstone)
* Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering)
* In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database
* Analytical thinker willing to "think outside the box" to resolve customer impacting situations on first contact; understand customer risk profile.
* Self-starter and ability to deliver under defined time lines
- Integrate Security into DevOps and enable security automation in CI/CD pipeline
- Professional Qualification : CEH, ECSA, LPT or Any other equivalent certification.
- Focused and versatile team player that is comfortable under pressure
- Ability to remove barriers and enable teams to complete their objectives
- Understanding of emerging technologies and corresponding security threats
- Self-motivated, flexible, with a ‘can do’ attitude.
- Ability to pick up business knowledge, new technology areas, new processes/methodologies and apply these changes in the day-to-day working to improve Security organization.
