Locations: Hyderabad, Andhra Pradesh, India | Houston, Texas, United States
Career Area: Technology & Information Security
Key Responsibilities / Duties:
Perform with the passion for excellence through strong execution using technical skills, knowledge, and experience.
Make fact-based decisions using individual judgement and problem solving.
Performing penetration testing and vulnerability assessment on various types of technologies and implementations
Penetration testing and vulnerability assessments using automated (commercial, open source) tools and manual techniques
Network, Mobile and web application penetration testing
Perimeter awareness through open source tools and threat intelligence feeds
Host and database assessment and security configuration review. Perform security configuration analysis for various operating systems (e.g. Unix, MS Windows)
Wireless security assessment
Network security architecture design review
Review and analyze security vulnerability data to identify applicability and false positives
Research and develop testing tools, techniques, and process improvements
Conduct technical security/risk assessments and information security projects
Identify and exploit technical vulnerabilities in systems, assess business risks of the technical vulnerabilities and communicate to relevant staff
Provide internal remediation support through the design, implementation and integration of network infrastructure and information security controls
Administer the Vulnerability Response System (VRP),and update it with new vulnerabilities and assign to relevant IT groups for assessment and possible fixes
Coordinate internal and third-party vulnerability assessments. Provide results to the appropriate technical teams and management
Have a thorough understanding of technological requirements for Invesco’s systems and provide guidelines to effectively mitigate security risks
Respond timely to ServiceNow tickets as needed
Keep open lines of communication within the team and collaborate with group members.
Build trust by fulfilling team expectations, guidelines, and work responsibilities as well as holding others accountable for the same
Treat people with dignity, respect and fairness and holds others accountable for the same.
Convey thoughts logically, simply and succinctly in written and verbal communications
Report and Escalate risk and key metrics. Effectively communicate security risk identified from assessments or monitoring to ensure appropriate implementation of security controls.
Respond appropriately to cyber risk incident, the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody
Educate business teams on security risk and recommendations
Other duties as assigned
Work Experience / Knowledge:
Three plus years of Information Security or relevant experience
Five plus years of technology or business experience.
Experience with security issues in large networks
Able to demonstrate experience, knowledge and skills in utilizing common penetration testing and vulnerability assessment tools and techniques
Hands on experience with firewalls, routers, bridges, switches and gateway devices, appliances and software
Knowledge of security industry best practices (e.g. SANS, NIST, CIS)
