Information Security Engineer Job in Quinstreet
Information Security Engineer
- Pune, Pune Division, Maharashtra
- Not Disclosed
- Full-time
Job Responsibilities: Conducts in-house penetration testing and code-reviews of prosper applications and platform. Conduct web application security scans, analyze results for false positives, prioritize vulnerabilities, and research and propose remediation steps. Conduct regular security assessments of internally developed applications. Asset identification, network discovery, and software inventory Analysis of hacking, penetration and defense threats Perform post mortem analysis on logs, traffic flows, and other activities to identify malicious activity. Create automated tests to encourage and enforce security standards. Develop response procedures for addressing potential security threats Monitor and respond to SIEM alerts. Prepare, Review, analyze and acknowledge daily / weekly / monthly security reports. Qualifications Hands-on experience using a major Enterprise Web Scanning Tool: e.g., HP WebInspect, IBM, Veracode, Acunetix, Cenzic, or QualysGuard Be familiar or efficiently administer/monitor (hands on) various IT and security tools such as: Qualys, AV(Symantec 11-12), Imperva WAF, DLP (Websense / Symantec), Tripwire, Nitro SIEM, Malware detection, IDS/IPS, Forescout, SSL VPN, Cisco and Palo Alto Firewalls, and other security tools (or equivalent security tools). Familiar with vulnerability assessment, confirmation, and validation tools, processes, methodologies, and strategies, including static and dynamic analysis tools/techniques Familiar with vulnerability reporting, tracking, management, and remediation processes, methodologies, and strategies Familiar with host and vulnerability discovery strategies, processes, and best practices Experience with Penetration Testing Experience with modern Web Application Framework (Java/Rails/.Net) required, .Net Framework 3.0 4.0, ASP.NET, ASP.Net MVC desirable, NHibernate, IoC based Framework, AOP Framework, Web Services (SOAP/WSDL or ReST/WADL), WCF desirable Knowledge of Security Flaws and its Resolution as listed in sites like OWASP, SANS, etc. General IT security best practices knowledge that include Firewalling, Server Hardening, Web Content Filtering, Vulnerability Scanning, and Endpoint Protection (antivirus, disk encryption, host intrusion prevention, etc.).
Your 4 Step Guide to Career Success
