Recruiter at Altisource Business Solutions Ltd
Views:213 Applications:29 Rec. Actions:Recruiter Actions:4
Altisource - Information Security Engineer - Vulnerability Management (3-6 yrs)
Information Security Engineer - Vulnerability Management
- Conduct vulnerability assessments for all types of applications, systems and networks.
- Communicate security vulnerabilities and corrective actions to various internal groups and validate remediation.
- Identify security risks in the software development and deployment process.
- Utilize commercial and open source vulnerability assessment tools.
- Perform manual verification of vulnerabilities - reduction of false positives.
- Create assessment reports and present them to management and technology professionals.
- Develop metrics for tracking and analyzing vulnerability information.
- Assist in regular penetration testing.
- Develop and maintain internal tools and task automation.
- Stay current on information security threats.
- Train security team members on vulnerability management process and tools.
- Perform additional security duties as needed to supplement the team's activities.
Required Qualifications & Certifications :
- Bachelor's degree in Engineering, Computer science or equivalent
- 3 to 6 years experience.
- Possess certification/s related to Vulnerability Assessment such as GIAC, CEH.
- Must possess excellent written and verbal communication skills.
- Hands-on experience with performing network vulnerability assessments.
- Hands-on experience with performing Application scans and code reviews of application codes developed in various technologies.
- Knowledge of OWASP tools and methodologies
- Competency with network security and information security concepts and technologies.
- Thorough knowledge of the Windows OS as well as Linux and Unix variants.
- Ability to work on a team and independently.
- Process-oriented with high attention to detail.
Preferred Qualifications :
- Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
- Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Webinspect, Accunetix, NTO Spider, Burpsuite Pro)
- Experience with static analysis tools (e.g., IBM Appscan Source, HP Fortify)
- Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))
- Experience presenting to or training technical audiences a plus.
- A technical writing experience and/or web development tools isa plus.