Information Security Manager

  • Openings 1
  • Location Karachi

We are looking for an Information Security Manager who will be responsible for delivering penetration testing and vulnerability assessment of software and systems, including mobile, web and desktop applications. This person will work across the organization performing analysis on systems developed internally, for clients and by third parties. The individual will assist in setting up new security technologies across the company.

We are a passionate group of professionals, and would welcome an equally dedicated person to join our team!

Requirements

  • Bachelor’s or Master’s Degree in Computer Science or Software Engineering.
  • Minimum 5 years of proven experience in a similar capacity.
  • 2+ years performing penetration testing of web applications.
  • 1+ years performing penetration testing of mobile applications including both iOS and Android.
  • Deep technical experience in either open source or enterprise grade commercial tools for vulnerability assessment and penetration testing such as Retina, Core Impact, Qualys, Metasploit, Secunia, and/or Nessus.
  • System administration experience with both Windows and Linux operating systems.
  • Experience with common industry vulnerability standards such as OWASP Top 10 and CWE/SANS Top 25.
  • Active security industry certifications such as CISSP and CEH will be preferred.
  • Must possess strong interpersonal skills, a passion for excellence and a “can-do” attitude.
  • Ability to multi-task, self-direct, and manage deadlines.
  • Experience performing audits and assessments against policies and regulations such as PCI-DSS, HIPAA, and Sarbanes-Oxley.
  • Excellent written and verbal communication skills.

Responsibilities

  • Collaborating with cross-functional teams to integrate security controls at every step of the design, development, quality assurance, and maintenance of systems.
  • Developing test plans, system specifications, hardening guides, and other tools to assist in the defense of exposed systems.
  • Performing vulnerability assessments of networks and systems using a combination of commercial and free/open source tools in order to gauge risks posed by network and system design.
  • Performing penetration testing of web and mobile applications using a combination of commercial and free/open source tools in order to demonstrate a capability to exploit vulnerabilities present within software and systems.
  • Performing security testing of desktop applications using a combination of commercial and free/open source tools to gauge risks posed by the application to the system and network.
  • Providing assistance related to incident response and computer/network forensics.
  • Ensuring IT security controls meet regulatory requirements.
  • Creating and communicating security analysis reports to demonstrate to internal and external parties the need for improvement.
  • Helping to manage, maintain and improve policies, procedures, and controls.
  • Providing feedback to clients on our Information Security compliance status as per their defined formats.
  • Participating in Information Security Administration activities and reviews.
