About TO THE NEW:

TO THE NEW is a digital technology services company that provides product engineering, Cloud and FinOps services to enterprises, SaaS, and consumer tech companies. We are recognised by global analyst firms like Gartner, Forrester, Everest, ISG, and Zinnov for our capabilities in Digital Engineering, Cloud, OTT, and Data & Analytics. The company leverages its deep partnership with all leading hyperscalers like AWS (Premier Partner), Azure, and GCP to provide end-to-end Cloud professional and managed services to its customers.

Responsibilities:

- Perform manual penetration testing on networks, web-based and mobile applications
- Run scheduled Nessus scans and other network scans
- Produce high-quality technical reports and presentations and suggest remediation for the vulnerabilities
- Work closely with the development teams and support them in fixing security vulnerabilities
- Engage with prospective clients to understand in-scope applications and plan out the assessment of their applications or infrastructure
- Work as a single point of contact for existing and potential clients and manage internal and external VAPT assignments
- Drive information security awareness and training to promote a secure environment and an effective security culture
- Support and guide the VAPT team for internal and third-party VAPT assignments for web and mobile applications
- Provide guidance to junior security experts on complex projects that require your experience and expertise
- Support the pre-sales and sales teams with security-related RFP questionnaires and provide ad-hoc support to business units on security-related matters

Must-Have:

- B.Tech/MCA with 4-7 years of experience in the field of information security with a focus on security compliance programs
- Strong fundamentals in network security, application security and cloud security concepts and controls
- Understanding of the Secure Software Development Life Cycle and DevSecOps principles
- Must stay up to date with the latest security vulnerabilities
- Good experience with mobile and web VAPT assignments and knowledge of OWASP Top 10, WASC, SANS 25
- Hands-on experience with BurpSuite, SqlMap, Nmap, Nessus, Kali Linux and various paid and open source tools
- Certifications such as CEH, OSCP or any similar certification would be an added advantage
- Self-directed technical lead, willing to take ownership and drive results, propose technical directions, make decisions and resolve issues
- Excellent interpersonal skills, ability to navigate through challenging situations and good analytical skills
- Excellent verbal and written communication skills and the ability to interact with senior managers, subject matter experts, regulatory authorities and clients' Information Security Offices

Job Title
Information Security Engineer