Senior Attack Surface Reduction Analyst

Job Description

Role : Senior Attack Surface Reduction AnalystLocation : Abu DhabiRole Purpose:Reporting to the Head of Cyber Security Defense Operations, the Senior Attack Surface Reduction Analyst assesses the current exposure of the organization s assets against security vulnerabilities and gaps which can be exploited by potential threat actors. The employee will work in close coordination other members of the information security team and other relevant departments across the organization to ensure proper and timely closure of all identified security issues. The Role will require exercising leadership when coordinating with internal stakeholders, Senior management and external vendors.Key Accountabilities of the role Reducing the attack surface of the organization by conducting periodic or on-demand security assessment activities Regularly monitoring the external attack surface of the organization and taking necessary action to close identified gaps Performing security assessment of Web Applications, Mobile Applications, APIs, Infrastructure components, etc. as and when required. Providing cost effective security solutions Executing VA of organizations assets as per approved annual plan Assigning the remediation action for all identified security issues to the action owner in a timely manner and regularly following up till closure of the issue Escalating all pending issues and notifying all non-compliance to existing security policies, process and standards in a timely manner to security leadership team Regularly monitoring multiple vulnerability databases and sending security advisories for vulnerabilities to relevant department Coordinating with external PT vendors and application SPOCs for multiple projects and ensuring closure of all security issues prior to GoLive Ensuring compliance to all regulatory requirements like PCI, Swift, UAE Central Bank, etc. Staying up to date with all recently identified vulnerabilities, exploits, attack techniques and methodologiesSpecialist Skills / Technical Knowledge Required for this role: Proficient in Web, Mobile and API security testing Proficient in secure code review Excellent Knowledge of using VA tools from multiple vendors Knowledge of security technologies, processes, and systems/applications Knowledge of DevSecOPs and CI/CD pipeline Knowledge of assessing the security of Microservices and Container applications Familiarity with banking processes and modus operandi Strong Knowledge of OWASP Top 10, ISO27001, NESA, PCI DSS, SWIFT and other information security standards and regulations Strong knowledge of fundamental security and network concepts (Operating systems, intrusion/detection, TCP/IP, ports ) Bachelor s degree in Computer Science or IT, or any related technical discipline Professional certifications such as OSCP, OSWE, OSEE, GPEN, CISSP, CISM, AZ500, etc. Knowledge of automation using scripting languages like perl, python, ruby, unix shell scripting, etc. Cloud knowledge (Microsoft Azure and M365 is preferable)Previous Experience: More than 6+ years of relevant experience in Web Application, Mobile Application and API security testing More than 6+ years of experience in using VA tools like Qualys, Nessus, Nexpose, etc. More than 6+ years of experience working for big banks or financial institutions More than 4+ years of experience in secure code review of .NET, Java, PHP and other popular programming languages Experience in Application Threat Modeling and secure design review Experience Leading and managing Vulnerability and PenTest Programs across different organizations Experience in presenting Vulnerability and PT dashboard to Senior management and relevant committees.Facebook Twitter Email Share

Keyskills :
perl .NET Unix Shell Scripting Swift Php Microsoft Azure Qualys Cism Java Pci Dss python M365 Ruby Web Cloud Owasp Oscp Api Nessus Cissp Mobile va GPEN

About Company

Ateca Consulting is a specialist IT and Telecoms Recruitment Company. From our headquarters in London a highly trained team of consultants work with clients around the world.

We have many of the world?s leading organizations among our prestigious client list and are involved in some of the most high-profiled ICT projects Worldwide. Our excellent understanding of our sector and close relationship with our clients enables us to understand their exact requirements and provide bespoke strategies to ensure the right people are recruited at all levels of the business.

We work closely with clients regarding both contingency and project recruitment, offering contract and permanent resource solutions. Our market-focused approach has enabled us to build a database of highly skilled consultants, many of whom have been introduced to us through personal referral and therefore are rarely on the open market. All candidates are fully referenced before being submitted to any client.

Through our many years of experience we have learnt to understand what our clients need and to match that need with speed and accuracy. We know that in a competitive market place it is important to be flexible, reliable and responsive and this is what defines our service.