Associate Information Security Consultant Job in Xiarch Solutions Pvt Ltd

Job Description

Associate Information Security Consultant :

About the Company
Xiarch is a CERT-Empanelled Organization. Xiarch, is an acronym for Xtreme InfoSec Auditors, Researchers, Consultants and Hackers. Xiarch is best of breed professionals in the infosec industry. Xiarch aspires to use its moral values, competence and knowledge to secure the corporate IT investments and help our clients derisk their business. Xiarch has its own R & D facilities, where cutting edge research is done in the field of information security. Xiarch R & D team is always devising new ways through which your investments can be protected from the threats posed by the malicious users.


Responsibilities:
1 or more years of experience required in related field Vulnerability Assessment & Penetration of Web, Network, Mobile, API etc.
Requires knowledge of Penetration Testing & Vulnerability Assessment.
Excellent communication, interpersonal, presentation, and collaborative skills to work effectively with teams throughout organization.
Proactive and Self-directed, team player mindset is a must.
Experience in execution and building relationships and working with executives at all levels.
Mandatory Certifications like OSCP, OSWE, OSCE or any other industry accredited security certifications would be preferred. Good interpersonal, problem solving, reasoning and analytical skills.
Ability to effectively collaborate with others in English.


Skills and Expertise
Experience in conducting and managing Penetration Testing, Vulnerability Assessment projects.
Basic Knowledge of Programming (Python, Ruby, PHP, Node, C#, C/C++)
Basic Knowledge of Database (Relational & Non-Relational)
Basic Knowledge in Network, Server, Endpoints, Embedded System, Mobile System
Basic Knowledge of Windows, Linux OS System
Practical Knowledge (Network, Web, API, Mobile Penetration Testing)
Good Report Writing Skills
Technical skills in data-analysis (SQL, Python) to develop data driven insights.
Conduct vulnerability assessment and penetration testing for network, web applications, mobile applications and thick-client application.
Conduct configuration reviews for OS, DB, Firewall, Routers, Switches and other infrastructure components.
In-depth knowledge in mobile/web/network/api etc and defense strategies and Thick client applications.
Proficiency with understanding and writing/modifying exploits.
Good Knowledge and experience of conducting vulnerability assessments and penetration testing (VAPT) of apps as per standards such as PTES, OWASP Top 10, SANS/CWE Top 25, NIST.
Ability to analyse web-application, mobile application work flows and perform manual testing.
Analyse application security vulnerabilities found through testing and collaborate with development and other internal technical teams to provide mitigation steps to reduce the risk.
Should have hands-on experience with at least one programming/scripting language from PHP, C#, ASP .Net, Java, Python, Ruby, Java-scripting.
Experienced in Manual and automated security testing of applications, network, api, mobile.
Understanding of application technologies and its components
Hands-on experience of security code review.
Experience on Web services, API testing.