Consultant - Identity Management Job

Hyderabad, IN

Yash Technologies

YASH Technologies is a leading Digital Solution Company for Business IT Solutions. YASH is a Right Sized Technology Partner of Choice.

View all jobs at Yash Technologies

Apply now Apply later

YASH Technologies is a leading technology integrator specializing in helping clients reimagine operating models, enhance competitiveness, optimize costs, foster exceptional stakeholder experiences, and drive business transformation.

 

At YASH, we’re a cluster of the brightest stars working with cutting-edge technologies. Our purpose is anchored in a single truth – bringing real positive changes in an increasingly virtual world and it drives us beyond generational gaps and disruptions of the future.

 

We are looking forward to hire Identity Management Professionals in the following areas :

 

Position Name: Application Security Lead

 

Description

YASH is a Digital services enabler organization delivering vast portfolio of digital services to customers across the globe. Our topline services include Cybersecurity services. We are looking for a candidate with strong security testing skills pertaining to Application Security Testing. This role will be part of vibrant YASH’s Cybersecurity – Application Security services team.

As an Apps Sec Expert, you will be responsible for assessing the security of different types of applications developed in client environment. Work with develiopment teams or vendors to detect, prirotize and remediate secuity flaws within the applications. Collaborate with IT and the business to identify and implement appropriate software development related security controls.

Position: Application Security Consultant

Number: 01

Location: Across India

Total Experience:  5 – 7 years

How do you grow and be successful:

At YASH, we will offer all support to grow in your career. At the very beginning you will receive a deep knowledge of the current Application Security practice after your onboarding is completed. You will be measured on the positive contribution in delivering the services to our customers.

All our employees will have global exposure from day 1. We will offer you the chance to learn multiple security technologies and solution training programs. Our career path program will reach the highest positions and make a global career to aspiring candidates.

Key responsibilities

  • Perform application security assessment for web, cloud, mobile, and thick client applications
  • Perform different types of application security assessments as needed; this involves application penetration testing, network penetration testing, attack surface evaluation, threat modelling and security design reviews
  • Perform web services (APIs) penetration testing and analyze communications between client and servers
  • Perform manual penetration testing of applications using appropriate tools and techniques to uncover critical security vulnerabilities in the software, the infrastructure, the configuration and business logic
  • Check separation of duties and access controls, review accounts management and check SSL certificates
  • Perform risk analysis and define prevention and mitigation controls for application vulnerabilities
  • Explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to application development teams or application vendor, and discuss effective defensive techniques
  • Provide mitigation strategies for applications from infrastructure, architecture and secure coding perspectives.
  • Utilize application security scanning tools, interpret reports and validate identified vulnerabilities and associated risks

Qualifications:

  • Bachelor’s or Master’s Degree (IT, Computer Science, Cybersecurity, Telecommunications, Engineering, etc.)
  • 5 -7 years equivalent experience
  • Professional information security certification (CSSLP, CISM, CEH, CISSP, GPEN, GWAPT, OSCP or similar)
  • Experience with software penetration testing, architectural risk assessment, threat modelling, static code analysis and secure code review
  • Experience with network penetration testing, firewalls configuration, network architecture and security
  • Experience in manual penetration testing of websites, APIs and networks using a variety of tools and technologies
  • Experience in testing network isolation, escalation of privileges, authentication, expanding the attack surface and exploiting vulnerabilities
  • Experience with mobile application security testing on iOS and Android platforms
  • Experience securing applications on a myriad of platforms and languages including Java, .Net, Angular, etc.
  • Experience in OS hardening on Windows and Linux environments
  • Experience with a variety of testing tools, including: HCL AppScan, Burp Pro Suite, Veracode, Qualys Suite, NMAP, Metasploit, Kali Linux, Wireshark and OWASP ZAP.
  • Understanding of common Web Application vulnerabilities like XSS, CSRF, and others.
  • Experience in identifying and resolving false positive findings in assessments
  • Firm understanding of networks, operating systems and data-center architecture.
  • Familiarity with cloud technologies (IaaS, PaaS, SaaS, containers) on Google, Azure and AWS environments
  • Experience performing Red Team, Blue Team Operations is a strong plus.

Other requirements

  • Travel will be required on need basis.
  • You will be working during client business hours based on the project you will be allocated into.
  • Office reporting is flexible and encourage hybrid working for this role. However, reasonable reporting into office for project meetings and client meeting attendance is mandatory.
  • All working days reporting may be subjected to project or organization demand.
  • Ability to work in global distributed setting without supervision
  • Self-driven, Proactive, Systems Thinking
  • Strong organizational, personal discipline and time management skills to manage multiple tasks and changing priorities.
  • Ability to properly handle confidential information and personnel-related matters
  • Strong process-oriented skills for troubleshooting, problem solving and problem resolution
  • Ability to work with others to deliver and provide a high level of service
  • Strong communications skills both verbal and written with the ability to talk to both business and technical people

 

At YASH, you are empowered to create a career that will take you to where you want to go while working in an inclusive team environment. We leverage career-oriented skilling models and optimize our collective intelligence aided with technology for continuous learning, unlearning, and relearning at a rapid pace and scale.

 

Our Hyperlearning workplace is grounded upon four principles

  • Flexible work arrangements, Free spirit, and emotional positivity
  • Agile self-determination, trust, transparency, and open collaboration
  • All Support needed for the realization of business goals,
  • Stable employment with a great atmosphere and ethical corporate culture
Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  2  0  0
Category: Consulting Jobs

Tags: Agile Android APIs Application security AWS Azure Blue team CEH CISM CISSP Cloud Code analysis Computer Science CSRF CSSLP Firewalls GPEN GWAPT IaaS iOS Java Kali Linux Metasploit Nmap OSCP OWASP PaaS Pentesting Qualys Red team Risk analysis Risk assessment SaaS Security assessment Veracode Vulnerabilities Windows XSS

Perks/benefits: Career development Flex hours Transparency

Region: Asia/Pacific
Country: India

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.