Assistant Manager – Cyber & Information Security
Cyber and Information SecurityOVERVIEW OF THE COMPANY
StarStar India has defined the Indian media landscape for more than 30 years, and today is one of the country’s leading media conglomerates, reaching around 700 million viewers a month on TV across India and over 100 other countries. Star India’s channel portfolio cuts across general entertainment, films, sports, infotainment, kids, and lifestyle content across eight languages. The network generates over 20,000 hours of content every year and broadcasts 70+ channels, reaching 9 out of 10 C&S TV homes in India. The Star Sports network is one of the leading sports networks with 17 channels in its bouquet. It is home to a number of leading domestic and international sports and is making quantum leaps in transforming sports in the country, helping India become a multi-sporting nation. Disney+ Hotstar, India’s largest premium streaming platform has changed the way Indians watch their entertainment - from their favourite TV shows and movies to sporting extravaganzas. With the widest range of content in India, Disney+ Hotstar offers more than 100,000 hours of TV Shows and Movies in 8 languages, regional and national News, and coverage of every major global sporting event, including the IPL. The company is present in the Indian movie production and distribution space through Fox Star Studios. The studios is also responsible for the marketing and distribution of its Hollywood slate in the country. For more details visit us at http://www.startv.com/JOB DESCRIPTION
KEY RESPONSIBILITIES
- Provide innovation within the context of the Vulnerability Assessment and Penetration Testing (VAPT) program in relation to both process and technology
- Design, implement, and support VAPT solutions identified as necessary for the protection
- Serve as a Subject Matter Expert (SME) for the VAPT function
- Serve as the system owner for common VAPT toolsets, platforms, and processes
- Provide assessment reports that are easily understandable by the target audience and include practical and reasonable recommendations based upon sound risk management principles
- Assess the sufficiency of policies, standards and procedures relative to VAPT best practices. Author standards and procedures designed to continually improve security posture
- Perform authorized attack surface reviews and penetration tests against specific targets at the direction of the Information Security Manager
- Provide input into security risk assessments by leveraging specialized knowledge
- Report compliance failures to management for immediate remediation
- Maintain assigned systems to ensure availability, reliability, integrity, including the oversight of current and projected capacity, performance, and licensing
- Define, create, and delivers reports and relevant metrics to the Information Security Manager
- Mentor junior members of the VAPT group and provide constructive consultation to other peer groups such as Development
QUALIFICATION & EXPERIENCE
- B.tech/ M.tech/ Master in Engineering
- Minimum of 4 Years’ experience as VA/PT/Red Team lead with relevant development experience as part of Cybersecurity / Information Security teams.
KNOWLEDGE AND SKILLS
- Possess a Computer Science Bachelor's Degree or substantial equivalent experience
- Expertise in Cloud Security
- Python coding is a must-have skill
- Offensive Security OSCP preferred
- Experience in Bug Bounty programs is a plus
- Strong professional experience in information security with a focus on vulnerability assessment and penetration testing
- Commanding knowledge of VAPT concepts and best practices, including the requirements for WhiteHat/ethical hacking
- Expert understanding of the difference between a vulnerability assessment and a penetration test in the context of assessment scope, objectives, and deliverables
- Extensive experience with common automated VAPT tools such as Nessus, Appscan, Burp Suite, Nipper, and Trustwave
- Proficiency with other common attack tools and frameworks such as Wireshark, Kali, and Metasploit, etc.
- Proficiency with mobile platform security technology, including vulnerability identification and exploitation tools as well as mobile platform security best practices, frameworks, etc.
- Ability to validate the presence of identified vulnerabilities with accuracy
- Mastery of common application platforms and technologies in order to effectively understand and evaluate complex application assessments via the use of manual techniques and simple tools such as proxies and browser plugins
- Authoritative understanding of OWASP, CVE, general security controls, and other foundational topics such as the latest application and operating system exploits
- Knowledge of common scripting and programming languages is advantageous
- Ongoing commitment to understanding the threat landscape and common adversary motivations/practices. Ability to quickly adapt practices to evolving circumstances
- Ability to maintain critical thinking and composure under pressure
- Strong written and oral communication skills. Ability to convey complex concepts to non-technical constituents. Proficiency in oral and written English
- Capable of providing assistance with the preparation of internal training materials and documentation
- Ability to be productive and maintain focus without direct supervision
- Understands VAPT in the context of risk management and organizational priorities
- Passionate in the practice and pursuit of VAPT excellence
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, disability, protected veteran status, or any other characteristic protected by law. We will consider for employment qualified applicants with criminal histories consistent with applicable law.