Job Description:
Hello
There is an excellent job opportunity for you.
Please find the details below regarding the same. Please let me know if you are interested in pursuing this opportunity.
Location: Dallas, TX.
Duration: 6 months
Interview: Telephonic, Face To Face
Client: Experian
JAVA Developer
Knowledge, Experience & Qualifications
Primary Responsibilities:
Lead a team responsible for conducting internal and external penetration testing and automated web application security testing.
Evolve the delivery model for the Application penetration testing service, including roles and responsibilities, remediation plans, rollout of best practices, etc.
Hire, manage, and develop staff of application penetration testers by providing direction, establishing clear and measurable objectives, managing performance, training and coaching.
Develop and maintain KPIs to help project resource requirements, and forecast sub-contractor usage.
Ensure effective knowledge management of findings and review results of penetration testing in order to determine severity of findings and identify potential remediation or mitigation strategies.
Monitors and reports progress, problems and solutions in a timely manner. Follows through to ensure dollars and time estimates are realized within planned limits.
Effectively communicates to management and business sponsors the status of projects and issues as they relate to the testing process.
Provides clear, consistent, regular communication with all project stakeholders at all levels, including presentations to senior management, creating agendas and meeting minutes.
In-depth research of the latest adversarial tactics, techniques and procedures (TTPs) and technologies to remain at the bleeding edge.
Create and support KPIs and KRIs that measure risk reduction and progress over time.
Builds a high-performance team.
Develops and mentors staff to achieve career goals and maintain leadership succession planning.
Qualifications
EDUCATION/EXPERIENCE
Bachelor’s degree in related field (Business, Information Services, IT, Information Security, etc.); Master’s preferred.
10 years of hands-on Application Penetration testing experience with at least 4 years in managing and leading a team of penetration testers.
A self-starter with strong organizational skills, including the ability to deliver with minimal supervision and experienced in working in an onsite-offshore model.
Expert knowledge and hands-on experience of penetration tools such as Kali Linux, Burp Suite, Nessus, Metasploit, etc.
Expert knowledge of existing, emerging threats, web security principles and attack vectors
Ability to author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options.
Extensive knowledge of information and technology security management technologies, methods, standards, and processes as well as knowledge of compliance, legal, internal / external audit & regulatory requirements.
Strong expertise with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
Strong expertise in the collaboration, facilitation and coordination with the business units for the mitigation of risks.
Strong understanding of Application Design, DevOps, TCP/IP fundamentals, network protocols, system administration and network architectures.
Experience and exposure to large organizational implementations of vulnerability management programs, with specific emphasis on application security, metrics development and reporting.
Experience with programming at least one of the following: Perl, Python, Ruby, Bash, C or C++, C#, or Java, including scripting and editing existing code.
Knowledge of Web Frameworks such as Spring, Struts, Hibernate, ASP, JSP, etc. and APIs (JSON/REST/SOAP).
Understanding of APIs (JSON/REST/SOAP).
An aptitude for technical writing, including assessment reports, presentations and operating procedures.
Strong problem solving and project execution skills. Ability to handle changing priorities and drive difficult decisions.
Ability to solve very complex security issues that span multiple components in an Application infrastructure.
Ability to lead and motivate the team to achieve tactical and strategic goals.
Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST is desired.
Professional security management certification, such as a CISSP, CISM, CEH, OSCP/E, GWAPT, GPEN, or GXPN certification(s) or other similar credentials, is desired.