Career in IT Security

CAREERS

For brilliant minds, we offer brilliant career progression in information security. If you want to do exciting and innovative stuff in information security world, come and join us.

For the below opportunities at Codec Networks, you can send in your resume with complete details to careers@codecnetworks.com

VAPT

Job Profile 1 : VAPT Analyst , Penetration Testing, Vulnerability Assessment

Location : At our client side in Noida, NCR.

Educational Background : Graduate (B.E, B.Sc)

Certifications : CEH, OSCP, SANS GWAPT, SANS GPEN

Experience : Experience of 1-2 years

Operational Roles and Responsibilities :

  • Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security
  • Assessments, Log Review, Review of Documents, Network Monitoring and Reporting
  • Conduct and compile findings on new vulnerabilities, new tools for departmental use
  • Create project deliverables /reports and assist the immediate supervisor during submissions and client discussions
  • Abide by the project time lines and maintain project discipline

Technical Skills Required :

  • Extensive Working knowledge of Operating systems : Windows and variants, Unix and variants, Linux and variants.
  • Knowledge about Computer Networks, System Security, Firewalls, IDS, IPS and Vulnerabilities.
  • Well versed in the use of ethical hacking/network scanning tools such as Nipper ,Nmap, Amap, Nessus-OpenVAS, SAINT, Metasploit, Accunetix Web Application Scanner amongst others
  • One or more scripting language like perl/php/python/bash OR one or more programming languages like C/C++/Java.

Other Working Skills :

  • Analytical skills, ability to work with minimal supervision, good speaking and writing skills, excellent working knowledge of word, excel and powerpoint

Job Profile 2 : Penetration Tester

Location : Chennai

Educational Background : Graduate or Postgraduate (B.E, B. Tech, ME M.Tech) in Information Security

Experience : 2-5 years or more

Operational Roles and Responsibilities :

  • Executes application and network penetration tests that will vary in level of complexity from simple to potentially complex using tools and manual methods.
  • Develops detailed work plans, schedules, resource plans for recurring penetration tests summarize findings and recommended corrective measures.
  • Advises leadership of the technical and business risks of identified vulnerabilities Liases with external 3rd party pen testers as required
  • Establishes and reports on metrics to gauge pen testing effectiveness, progress and key risk areas identified through audits.
  • Identifies risks and escalates potential project issues to management as required
  • Implement changes to procedures and systems to enhance data systems security
  • Recommends process improvement strategies
  • Provide the highest level of technical expertise and support to management and staff members in risk assessments and the implementation of appropriate data security procedures and products
  • Identify and determine causes of security violations, and recommend corrective actions to ensure data security

Other Working Skills :

  • The ability to directly and successfully lead a high-performing team through complex people and technology change.
  • Solid knowledge of software development methodologies and best practices.Proficiency in at least one modern compiled programming language such as C, C++, C#, or Java.
  • Knowledge of professional software engineering best practices for the full software development life cycle, including coding standards, code reviews, source control management, build processes, testing, and operations.
  • Good understanding of XML, XML schema, and related technology; JavaScript and HTML knowledge.

Job Profile 3 : Penetration Tester / Exploiter

Location : Delhi.

Educational Background: B.E, B. Tech, B.SC in Information Security, CSC, ECE, IT

Certifications :

  • CEH, CFHI, ECSA, LPT
  • Offensive Security Certified Professional certification (OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Exploitation Expert (OSEE)
  • Offensive Security Web Expert (OSWE)

Experience : 2 year or more

Operational Roles and Responsibilities :

The individual as a part of Information Security operaton team shall be responsible to provide critical management and reporting services on a variety of Information Security platforms. This includes: configuration, tool creation (scripts, procedures, and templates), defining reports, and recommending best practices and procedures.

  • Hands-on performing the security operational activities.
  • Developing procedures, methods, reports, and scripts to facilitate the monitoring and measurement of enterprise
  • Wide IT security solutions
  • Pro-active follow up on potential security risks and incidents
  • Configuring and monitoring of security infrastructure
  • Vulnerability scanning and reporting
  • Monitoring of various log sources and identifying risks and issues
  • Creating event log dashboards, reports and alerts
  • Contributing to the overall IT security architecture

Hands on knowledge on Tools: Nmap, Kali Linux, Metasploit, Armitage , Maltego, Burp, Paros Proxy Nessus, nexpose, wireshark, sqlmap etc

Job Profile 4 : Network Security Consultant

Location : New Delhi.

Educational Background: B.E, B. Tech, B.SC in Information Security, CSC, ECE, IT

Experience: 2 year or more

Operational Roles and Responsibilities :

Performing Network Security Assessment, Network Security Architecture Review (NSAR), Network Device Configuration Audit, Security Policy drafting and review, Network Vulnerability Assessment / Penetration Testing and System Hardening.

Web application security analysis, Vulnerability assessment and penetration testing

Technical Skills Required :

  • Hands-on experience in configuring, managing and reviewing configuration of network devices such as firewalls, routers etc. and should have exposures to network related vulnerabilities and risks.
  • Web application security testing (Manual and Automated) based on standards such as OWASP, CWE and NIST is preferred.
  • Knowledge of Vulnerability Assessment and Penetration Testing for Infrastructure & Applications
  • Understanding of security issues, exploitation techniques and remediation measures and ability to implement new attack approaches/vectors
  • Should have exposure to some or more of the security assessment tools such as fortify ,WebInspect,Proxy tools, IBM Appscan,nmap ,nessus,maltego,Acunetix and Backtrack.
  • Knowledge of Wireless networks and Penetration Testing.
  • In depth knowledge of Networks and Operating Systems.

Job Profile 5 : VA/PT Tester (Appsec And Network)

Location : Pune

Educational Background: MCA, BCA , B.Tech ( CSC or ECE)

Certifications : CEH/CSSLP/CISSP

Experience : 3-6 years

Operational Roles and Responsibilities :

Sound Knowledge in conducting Network/ Infrastructure Vulnerability Assessment and Penetration Testing, Application security testing, Wireless security testing, Code review with at least 2 year experience in information security.

Technical Skills Required :

  • Good knowledge on the Java, .Net based web technologies.
  • Should posses sound understanding in information security fundamentals, systems security and controls such as Vulnerability Assessment and Penetration Testing for Infrastructure / network / web application / databases and Secure Code Review.
  • Proven experience of penetration testing for web based application and use of backtrack based tools and other open source / commercial tools.
  • Excellent project, time management and prioritization skills
  • Interaction with multi-disciplinary teams for timely meeting of key project milestones and checkpoints
  • Should posses sound knowledge of hardening, patch management, VA/PT and configuration review.
  • Contribute to practice development by creating reusable components and document key project-learning within the consulting practice

Web Security

Job Profile 1 : VAPT Analyst , Penetration Testing, Vulnerability Assessment

Location : at Codec Networks Client side at New Delhi.

Educational Background : raduate (B.E, B. Tech, MSc, B.Sc) in CSC, ECE, IT

Certifications :

  • CEH, CFHI, ECSA, LPT
  • Offensive Security Certified Professional certification (OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Exploitation Expert (OSEE)
  • Offensive Security Web Expert (OSWE)
  • Experience : Experience 2 years or more

    Operational Roles and Responsibilities :

    • Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting
    • Conduct and compile findings on new vulnerabilities, new tools for departmental use
    • Create project deliverables /reports and assist the immediate supervisor during submissions and client discussions
    • Abide by the project time lines and maintain project discipline

    Technical Skills Required :

    • Hands-on Experience is performing Network Security Assessment and vulnerability Assessment.
    • Well familiar with basics of TCP/IP and Networking principles.
    • Good understanding of OWASP top 10 and web Application security audits.
    • Manual Penetration Testing skills and techniques are required besides automated tools and frameworks.
    • Familiar working with Publicly available exploits codes.

    Hands on knowledge on Tools : Nmap, Kali Linux, Metasploit, Armitage , Maltego, Burp, Paros Proxy Nessus, nexpose, wireshark, sqlmap etc.

    APPLICATION SECURITY

    Job Profile 1 : Application Security

    Location : Mumbai, Pune, Noida.

    Educational Background : MCA, BCA , B.Tech ( CSC or ECE)

    Certifications :CEH or ECSA certifications. Additional certifications like CISA or CISSP will be a significant advantage

    Experience : Experience of 2-3 years

    Operational Roles and Responsibilities :

    • C/C++/Java , Dot Net and Java knowledge / experience. One or more scripting language like perl/php/python/bash>
    • Expertise in web application penetration testing and network penetration testing
    • Good knowledge of hardening guidelines for database, server, firewall etc.
    • Good knowledge of secure software development standards, process, techniques and tools
    • Good knowledge of security technologies for secure software development such as cryptography, authentication techniques and protocols etc.
    • Good understanding of security development lifecycle processes across technologies.

    Other Working Skills :

    Analytical skills, ability to work with minimal supervision, good speaking and writing skills, excellent working knowledge of word, excel and powerpoint

    Job Profile 2 : Telecom Security Consultant / Mobile Application Security

    Location : New Delhi

    Certifications :

  • CEH, ECSA & CISA certifications
  • Security Process Knowledge
  • Security Polices SOX, PCI, DSS, OSSTM etc.
  • Experience : 3-8 years

    Operational Roles and Responsibilities :

    • Must have extensive experience in conducting security testing on USSD, IVR platform and SIM card testing with telecom operators.
    • Must have extensive experience in performing security tests of mobile application Android, iOS, Symbian, Blackberry for telecom operators.
    • Must have extensive experience in conducting security tests on Mobile payment system covering mobile application, middleware system and CRM modules.
    • Must have extensive experience in conducting source code review in Java, J2EE, Android, iOS and BB platforms
    • Must have experience in conducting security test of telecom devices like Femto cell.
    • Must have experience in conducting security tests of latest solutions like Adhaar based authentication solutions, location based services solution, etc

    Other Working Skills :

    • Excellent report-writing skills.
    • Ability to communicate technical impact and business risk to a non-technical audience after the project
    • Outstanding customer relationship management skills
    • Deep knowledge of databases and popular web applications

    Job Profile 3 : Web Application/Mobile Application Development /Information Security

    Location : Chennai, Bangalore

    Educational Background: MCA, BCA , B.Tech ( CSC or ECE)

    Certifications : Industry recognized Application Security Certifications, such as CISSP, CISA, CEH ISO 27001 are a plus.

    Experience :1-3 Years of experience in web application /Mobile Application Development.

    Technical Skills Required :

    • Requires good level of knowledge and understanding of architecture, applications systems design and integration with a detailed understanding of applicable programming methodologies.
    • Must have an accomplished level of hands-on development experience with either Java/J2EE or .NET/PHP Android etc with demonstrated competencies in secure coding techniques.
    • Hands on of the various mobile platforms iOS, Android, Blackberry, Symbian and Windows mobile.

    Job Profile 4 : Web Application And Mobile Application Security Consultant

    Location :Pune

    Job Role : Security Consultant/Penetration Tester required with expert skills in Web Application and Mobile Application security assessments

    Full Job Description :

    Senior Penetration Tester/Ethical Hacker to work as a Web Application/Mobile Application Security Consultant in a challenging environment.

    Experiance : 2-3 years experience in web application and mobile security

    Operational Roles and Responsibilities :

    • Perform manual internal and external penetration testing.
    • Ability to communicate technical impact and business risk to a non-technical audience after the project
    • Perform mobile application assessments on Android, iOS, BlackBerry and Windows Phone applications Utilize scanning tools when necessary.
    • Complete project work accurately and within deadlines as required.
    • Complete analysis and draw comprehensive conclusions, making appropriate recommendations.
    • Be a part of team handling various challenging projects and assist on ongoing research in the company

    Technical Skills Required :

    • Advanced manual penetration testing and application testing experience.
    • Advanced experience in social engineering techniques and tactics.
    • Advanced experience with tools such as Nmap, Burp Suite, Nessus and Metasploit.

    Other Working Skills :

    • Excellent interpersonal, communication, and organizational skills.
    • Ability to think outside the box to solve highly technical problems and ability to think like an attacker.
    • Ability to work effectively with clients, management, staff members, vendors, and consultants.

    Job Profile 5 : Consultant / Senior Consultant - VAPT,Code Review

    Location :Pune

    Educational Background: MCA, BCA , B.Tech ( CSC or ECE)

    Certifications : CEH/CSSLP/CISSP

    Experience : 3-6 Years

    Operational Roles and Responsibilities :

    • Conduct Security Code Review, Penetration Testing and Consult Product Development Team to secure Financial and Telecom Applications
    • Conduct penetration testing for thin & thick client based applications
    • Identify and propose work-around for critical defects.
    • Should be able to deal with multiple platforms like Windows, Linux and technologies like Java, .Net
    • Conduct Threat Modeling of Applications
    • Ability to analyze root causes and deliver strategic recommendations during security reviews
    • Being a key team member for delivering complete project life cycles - from capturing Customer requirements to delivering timely solutions to Customers
    • Adhering to best practices, and alignment with the Customer´s security requirements for project execution, documentation, and reporting
    • Interaction with multi-disciplinary teams for timely meeting of key project milestones and checkpoints
    • Manage Customer relationships at the project delivery level

    Technical Skills Required :

    • Java, .Net, PHP based web technologies
    • Rich script development in Perl/Ruby/Php/Python will be an advantage
    • Should be familiar with OWASP, OSSTMM etc.
    • Hands on Experience on tools like Fortify, IBM AppScan etc.
    • Proven experience of security code review and penetration testing Java and .Net Technologies

    APPLICATION SECURITY

    Job Profile 1 : Security Operations/VAPT/Malware Detections/Incident Investigations

    Location : Mumbai

    Educational Background : B.E, B. Tech, B.SC in Information Security, CSC, ECE, IT

    Experience : 2 years or more

    Operational Roles and Responsibilities :

    The individual as a part of Information Security operaton team shall be responsible to provide critical management and reporting services on a variety of Information Security platforms. This includes: configuration, tool creation (scripts, procedures, and templates), defining reports, and recommending best practices and procedures.

    • Hands-on performing the security operational activities.
    • Developing procedures, methods, reports, and scripts to facilitate the monitoring and measurement of enterprise wide IT security solutions
    • Pro-active follow up on potential security risks and incidents
    • Configuring and monitoring of security infrastructure
    • Vulnerability scanning and reporting
    • Monitoring of various log sources and identifying risks and issues
    • Creating event log dashboards, reports and alerts
    • Contributing to the overall IT security architecture

    Technical Skills Required :

    A technically savvy individual who can work independently in shifts (24*5) operations and in a small team environment.

    Passionate about IT systems and information security

    A strong knowledge and background in

    Intrusion detection systems, Security incident / event management systems, Firewall rule base management tools, Firewall rule base audit tools, Anti-virus or anti - malware technologies, Log analysis software, Internet proxy servers, Compliance archival solutions, Various operating systems (e.g. Windows and Linux), Basic scripting capabilities are an advantage, Possess a high level overview of risk-intelligence and security awareness, End point security, Encryption technology, Database Security.

    Other Working Skills :

  • Linux event flows and collection (i.e. Syslog, SNMP traps, etc.
  • Network security (Firewalls, proxies, DNS, IDPS, switching/routing, encryption, etc)
  • Web technology and security of web-based services & applications Firewall Rules and rule analysis (i.e., using tools such as Algosec)
  • Vulnerability assessment appliances (i.e. Qualys, Rapid7)
  • Compliance archiving solutions (e.g. Symantec Enterprise Vault)
  • An understanding of windows security, events, and administration a plus Database systems security (Sybase, DB2, Oracle, MS-SQL) a plus Server Virtualization (Citrix)
  • Job Profile 2 : Information Security Engineer

    Location : Hyderabad

    Educational Background :

    Bachelor's degree (or equivalent) preferred in Computer Science, Information Systems or related fields

    Certifications :

    Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP) and SANS GIAC.

    Experience :

    5 years' experience working in IT/InfoSec engineering and operations

    Technical Skills Required :

    • Demonstrated experience with deploying and operating network security tools, including but not limited to IDS, firewalls, proxies and security gateways;
    • Demonstrated experience supporting and managing Linux operating systems;
    • Advanced level knowledge of TCP/IP networking concepts and protocols, advanced technical knowledge of network security;
    • Good level knowledge of key network services and technologies and most common application protocols such as DNS, IPsec, HTTP/HTTPS;
    • Demonstrated experience with conducting threat and vulnerability management work program, including threat analysis, vulnerability scanning and remediation;
    • Demonstrated ability to implement vulnerability mitigation at all levels of the OSI network model. Must be able to quantify the severity of discovered vulnerabilities and prioritize remediation efforts;
    • Demonstrated experience using commercial vulnerability scanning tools. Ability to work with system and application owners to ensure remediation of discovered vulnerabilities and rectify any false positive conditions;
    • Advanced knowledge of interpreted languages such as Perl, Python, PowerShell, or Bash in addition to compiled languages such as C++;
    • Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity and responsibility;

    Soft Skills Expertise :

    • Demonstrate excellent interpersonal skills; including the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers;
    • Demonstrated ability to listen and integrate ideas from diverse views, create partnerships and collaborate with others, advocate and influence, resolve conflicts constructively, and work effectively across boundaries even without active guidance from the management;
    • Excellent communication skills both written and verbal include the capacity to communicate complex and technical issues in simple terms; Analytical skills required.

    Professional Services

    Job Profile 1 : Senior Engineer - Professional Services

    Location : Banglore.

    Experience :

    3 to 5 years of experience in Application Security, Vulnerability Assessment and Penetration Testing

    Technical Skills Required :

    • Ability to conduct Manual Web Application Security Assessment for complex Web Apps
    • Ability to conduct Vulnerability Assessment & Penetration Testing
    • Creating application Threat Models and delivering Design Threat Summaries to customers
    • Ability to perform manual source code review with Web Technologies like .NET, PHP and J2EE
    • Ability to set / identify security testing objectives & develop security test strategy
    • Recommending appropriate vulnerability mitigation approaches to clients
    • Creating project proposals, customer questionnaires, training documents and evaluation surveys.
    • Imparting security training to Trainee Engineers, Application Developers and Management
    • Run & Analyze the security test (Manual & Automated) and pinpoint the security issues and suggest countermeasures for security improvements.
    • Technical expertise in a broad range of application and technical architecture components (applications/OS, database, network)
    • Should have fair amount of knowledge in at least Windows & Unix operating systems and Oracle & SQL Server databases.
    • Knowledge in various open source security tools
    • Scripting in atleast one language like Perl, Python or Ruby is desirable
    • Ability to conduct design reviews, requirement reviews, evaluates technical architecture from security view point.

    Hands on Knowledge on Tools :

    Acunetix Web Application Scanner, Microsoft Baseline Analyzer, Backtrack, coSARA, Metasploit, Tenable Nessus, Nmap, Wikto, Cain and Abel, Paros, eEye Retina Scanner, JTR, WebScarab, Fortify etc.

    Contact us

    • Codec Networks ready to help you.visit our HELP CENTER for any assistance

    Live Feed & Resources