VA/PT Analyst
Locations: Hyderabad, Andhra Pradesh, India | Houston, Texas, United States
Career Area: Technology & Information Security
Key Responsibilities / Duties:
- Perform with the passion for excellence through strong execution using technical skills, knowledge, and experience.
- Make fact-based decisions using individual judgement and problem solving.
- Performing penetration testing and vulnerability assessment on various types of technologies and implementations
- Penetration testing and vulnerability assessments using automated (commercial, open source) tools and manual techniques
- Network, Mobile and web application penetration testing
- Perimeter awareness through open source tools and threat intelligence feeds
- Host and database assessment and security configuration review. Perform security configuration analysis for various operating systems (e.g. Unix, MS Windows)
- Wireless security assessment
- Network security architecture design review
- Review and analyze security vulnerability data to identify applicability and false positives
- Research and develop testing tools, techniques, and process improvements
- Conduct technical security/risk assessments and information security projects
- Identify and exploit technical vulnerabilities in systems, assess business risks of the technical vulnerabilities and communicate to relevant staff
- Provide internal remediation support through the design, implementation and integration of network infrastructure and information security controls
- Administer the Vulnerability Response System (VRP),and update it with new vulnerabilities and assign to relevant IT groups for assessment and possible fixes
- Coordinate internal and third-party vulnerability assessments. Provide results to the appropriate technical teams and management
- Have a thorough understanding of technological requirements for Invesco’s systems and provide guidelines to effectively mitigate security risks
- Respond timely to ServiceNow tickets as needed
- Keep open lines of communication within the team and collaborate with group members.
- Build trust by fulfilling team expectations, guidelines, and work responsibilities as well as holding others accountable for the same
- Treat people with dignity, respect and fairness and holds others accountable for the same.
- Convey thoughts logically, simply and succinctly in written and verbal communications
- Report and Escalate risk and key metrics. Effectively communicate security risk identified from assessments or monitoring to ensure appropriate implementation of security controls.
- Respond appropriately to cyber risk incident, the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody
- Educate business teams on security risk and recommendations
- Other duties as assigned
Work Experience / Knowledge:
- Three plus years of Information Security or relevant experience
- Five plus years of technology or business experience.
- Experience with security issues in large networks
- Able to demonstrate experience, knowledge and skills in utilizing common penetration testing and vulnerability assessment tools and techniques
- Hands on experience with firewalls, routers, bridges, switches and gateway devices, appliances and software
- Knowledge of security industry best practices (e.g. SANS, NIST, CIS)