SISA is a global Payment Security Specialist, trusted by organizations across the globe for securing their businesses with robust preventive, detective, and corrective security services and solutions. SISA is a recognized PCI QSA, PA QSA, PCI ASV, P2PE-QSA, 3DS Assessor, PCI Forensic Investigator, and PCI PIN Security Assessor and has a comprehensive bouquet of advanced products and services for risk assessment, security compliance and validation, monitoring and threat hunting, as well as training for various payment security certifications.
SISA currently services 2000+ clients spread across 40+ countries through our delivery centers in the U.S.A, U.K, Bahrain, U.A.E, Saudi Arabia, India, Singapore, and Australia. Our clientele spans industries ranging from banking, financial services and insurance, retail, airlines, hospitality services, e-commerce merchants, payment gateways and service providers, BPO & call centers, card personalization & processors, and IT & ITES companies, etc.
CREST Accreditations
Penetration Testing
Contact
Mukesh H Khanwani
+65 945 64139
https://www.sisainfosec.com/security-testing/network-security/penetration-testing/
As part of VAPT, we perform a detailed analysis of the current architecture and the internal security of system components, and identify all vulnerabilities using a phased approach to ensure that malicious intruders do not gain access to critical assets.
We use commercial tools to perform a thorough real-world evaluation. Besides these commercial tools, we also use many tools that hackers utilize for every evaluation. Several internally developed tools are used too. Our main objective is to evaluate systems by replicating a real-world data breach.
Our Testing procedure includes:
- Requirement Analysis
- Threat Identification
- Vulnerability Evaluation
- Exploitation
- Post-Exploitation
- Reporting
We follow an industry-standard approach to come up with a comprehensive methodology which takes care of all the industry best security standards.
We have the ability to design and refurbish a security model which provides elements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS adopted strategically by any organization.
CREST Qualified Consultants:
- CREST Practitioner Security Analyst
Contact: Mukesh H Khanwani
Careers
Risk Assessment and Compliance Consultant - Freshers
**Job Description**

We are looking for a proactive and dynamic **Information Security Risk and Compliance Consultant** like you who can provide risk-based analysis, which requires coordinating with clients for their business, taking details and organizing the same to ensure that the product or performed service adheres to a defined set of quality criteria. You will ensure that our business processes and transactions follow all relevant legal and internal guidelines, and support various audit initiatives to further strengthen the risk framework.

**Roles & Responsibilities:**

- Ability in Team and Client Management for assigned domestic or international client / region.
- Perform Risk Assessment support and facilitate the implementation of internal controls that will provide the client organization with protection from compliance risk.
- Understand laws and regulations pertaining to information security standards like **PCI DSS, GDPR, ISO, etc.**
- Monitoring and reporting on the effectiveness of control measures; monitor compliance with laws, regulations, and policies.
- Preparing reports for Security Assessments/Audits.
- Proactively identify control deficiencies and emerging IT risks as candidates for risk assessments.
- Participating in planning and implementing tools and processes to further enhance the risk management program.
- Regularly audit company procedures, practices, and documents to identify possible weaknesses or risk.

**Required Skills:**

- As a Risk and Compliance Consultant, you should possess client management and delivery skills.
- Must be open to travel 50% in future (this position may require national or international travel over a period).

**Desired Skills:**

- Create and manage effective action plans in response to audit discoveries and compliance violations for global clientele.
- Working under pressure and delivering as per deadlines.
- Highly analytical with strong attention to detail.
- Problem solving skills and Risk management in a strategic business.
- Ability to accurately complete applications for compliance certification.

**Eligibility**

**Education Requirements:**

- B.Tech/M. Tech / Masters in Information Security or Forensics Analysis preferred.
- CPISI, ISO 270001LA, CISA, CISSP Certification preferred.

**Personal Attributes:**

- Performance and learning focused are the most important attributes.
- The ideal candidate will be professional, highly analytical, and possess excellent written and verbal communication skills in addition to IT fluency.
- Strong cross-functional interaction skills; ability to work in a team-oriented, collaborative environment.
- Ability to self-motivate and open to manage complex projects with multi-tasking.
- Excellent organizational skills; high ethical quotient.
Associate Consultant Net Sec
**Job Description**

We are looking for a passionate Info Sec Pen Testing Consultant like you, having experience in external and internal vulnerability assessment and penetration testing. You will be part of SISA’s Delivery team and will be working in collaboration with other Info Sec and IT Operational teams to maintain a secure environment and for incident response capabilities. This is a fantastic opportunity to be part of a leading Cybersec firm whilst being instrumental in the growth of our service offering.

**Roles & Responsibilities:**

- Periodically perform system and application VAPT (Vulnerability Assessment and Penetration Testing) using automated and manual approaches.
- Perform asset and network discovery activities, helping ensure full coverage of the vulnerability discovery.
- Prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets.
- Identify and test vulnerabilities in the areas of information system and network security.
- Conduct and compile findings on new vulnerabilities and new tools for departmental use.
- Create project deliverables / reports and assist the immediate supervisor during submissions and client discussions.
- Performing assessments related to Red Teaming, Network Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Secure Code Review, AD Security Assessments, Vulnerability Management, Social Engineering Assessments, Wireless Penetration Testing.

**Eligibility**

**Qualifications:**

- Bachelor of Engineering (BE) – (CS) / (IS), Bachelor in Computer Application (BCA), Masters in Computer Application (MCA), Masters of Technology (M Tech), Masters in Computer Science and Information Science, Masters in Forensic Analysis / Cybersecurity.
- *Certification:* CEH/ECSA/CompTIA Security+ certification is desirable. eJPT or any other industry-recognized security certification a plus.

**Required Skills:**

- Hands-on experience with Vulnerability Assessment and Penetration Testing of thick & thin client-based applications, operating systems, edge devices and firewalls.
- Research, recommend, evaluate and implement information security solutions that identify and/or protect against potential threats, and respond to security violations, misuse of resources or noncompliance situations using defined escalation processes.
- Strong experience of using open-source tools and commercial tools such as but not limited to Burp Suite, Metasploit, Nessus, Acunetix, Checkmarx, and Nexpose with operating systems Windows and Linux.
- Expertise and experience of conducting VAPT (Vulnerability Assessment and Penetration Testing) as per standards such as OWASP Top 10, SANS Top 25 and WASC, NIST.
- Perform research on new vulnerabilities, attack vectors, exploits, tools and industry trends services.
- Provide offsite and on-site consulting services to our customers.
- Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates.
- Well familiar with basics of TCP/IP and networking principles.
- Extensive working knowledge of operating systems: Windows NT/2K3/XP and Linux or any Unix OS.
- Knowledge about computer networks, system security, firewalls and vulnerabilities.

**Personal Attributes:**

- Excellent verbal and email communication skills
- Ability to effectively handle difficult situations
- Able to prioritize and execute tasks in a high-pressure environment
- Escalation management and de-escalation skill
- Keen attention to detail
- Problem-solving skills
- Relationship-management skills
Application Security - Alpha
**Job Description**

We are seeking an Application Penetration Tester to identify and resolve security vulnerabilities and weaknesses affecting applications and digital assets.

**Roles & Responsibilities:**

- Perform penetration testing on internal applications, cloud environments and internal environments; analyze and report results; design and direct remediation.
- Perform system or application vulnerability discovery, research, exploitation, reporting and validation according to the established rules of engagement.
- Perform network penetration, system, web and mobile application testing, source code reviews and threat analysis; carry out the penetration testing and expose weaknesses in security.
- Secure the application from malicious activities and breaches.
- Conduct manual penetration testing and source code auditing for a variety of technologies.
- Interface with the Security compliance team in response to internal and external audits.
- Recognize, safely utilize and maintain attacker tools, tactics, and procedures.
- Perform Segmentation Tests required as per PCI DSS standards.

**Required Skills:**

- Hands-on experience of security testing tools such as Burp Suite, Metasploit, Kali, Nessus, etc.
- Understanding of programming languages such as PHP, HTML, JavaScript, etc.
- Knowledge and understanding of Windows, Linux, networking concepts and security infrastructure (firewalls, IDS/IPS etc.).
- Good exposure to any one of the scripting languages (Python, shell script etc.).

**Education Requirements:**

- BE/B.Tech in Computer Science or Information Science, or M.Tech in Computer Science or Information Science
- Certifications: CEH, CompTIA, PenTest+, GPEN, OSCP or any application security training from well recognized training institutes with at least 6 months of training (preferable)

**Personal Attributes:**

- Highly motivated and enthusiastic
- Strong interpersonal and presentation skills
- Ability to think and communicate ideas
- Ability to manage team members and leadership skills
- Able to prioritize and execute tasks in a high-pressure environment

**Work Conditions:**

- Working Hours - 9AM to 5PM (9 Hours)
- Work from Home (Due to Pandemic)
- Flexible Shift

**Eligibility**

**Education Requirements:**

- BE/BTech in Computer Science or Information Science
- MTech in Computer Science or Information Science
Associate Consultant - Forensics
**Job Description**

Work closely with the team to execute forensic investigations. On a daily basis, he / she works within the digital forensic domain and carries out forensic investigation processes such as hard disk analysis, malware forensics, incident response and critical log analysis.

Note: We work on very confidential projects and every SISA project is classified. You won’t be allowed to mention these projects to anyone outside the office premises.

**Roles & Responsibilities:**

- Should perform computer forensics including digital evidence collection and preservation, analysis, requisite recovery of evidence from backup servers, electronic mail extraction, and database examination.
- Should have in-depth knowledge of Windows Forensics, Volatile Memory Analysis, and Linux Forensics.
- Able to provide oversight for on-site examinations and collections and handling of digital evidence in a legally acceptable manner.
- Should be assessing and troubleshooting a variety of technical issues.
- Should have strong analytical and problem-solving skills. He / She should possess strong data analytics skills.
- Proficient with forensic techniques and the most commonly used computer forensic tools used to preserve and investigate electronically stored information, such as Encase and FTK etc.

**Eligibility**

**Education Requirements:**

- Bachelor’s or Master’s degree in Digital Forensics, or Bachelor’s or Master’s degree in Computer Science along with a certification related to Digital Forensics (CHFI, GCFA, GCFE, ACE, EnCase certified examiner etc.)

**Preferred Skills:**

- Should have good hands-on experience with different forensic tools like Encase, FTK, Autopsy.
- Should be accustomed to working in complex environments and with strict timelines.
- Some experience in conducting research/analysis.
- Comfortable with a high-tech work environment and constant learning of new tools and innovations.
- Excellent written and verbal communication skills.
- Ability to identify critical issues quickly and accurately.
- Forensics certification will be an added advantage: CHFI, GCFA, GCIH, ACE, EnCase certified examiner etc.

**Desired Skills:**

- Desire to accept a challenging job and be a very good team player.
- Good understanding of Windows & Linux internals.
- Malware analysis & reverse engineering.
- Working knowledge of a programming language: Java, PHP, Python, Perl or Shell Script.
- Should not be dependent on commercial tools; must have knowledge of open source technologies.
- Create timely and customized reporting for clients.
- Research and develop new computer forensic tools and methodologies.
- Can deliver technical training/presentations whenever required.

**Work Conditions:**

- Strong ability to work and meet demanding deadlines.
- Flexibility to work all shifts, and willingness to assist the team with overtime when needed.
Risk & Compliance Consultant Alpha
**Job Description**

The Information Security Risk and Compliance Consultant will be providing risk-based analysis, which requires coordinating with clients for their business, taking details and organizing the same to ensure that the product or performed service adheres to a defined set of quality criteria. He / She will be leading one of the clusters and will ensure that our business processes and transactions follow all relevant legal and internal guidelines, and support various audit initiatives to further strengthen the risk framework.

**Roles & Responsibilities:**

- Mentoring associate team members and contributing to streamlining processes for continuous improvement.
- Regularly audit company procedures, practices, and documents to identify possible weaknesses or risk.
- Participating in planning and implementing tools and processes to further enhance the risk management program.
- Perform Risk Assessment support and facilitate the implementation of internal controls that will provide the client organization with protection from compliance risk.
- Proactively identify control deficiencies and emerging IT risks as candidates for risk assessments.
- Understand laws and regulations pertaining to information security standards like PCI DSS, GDPR, ISO, etc.
- Monitoring and reporting on the effectiveness of control measures; monitor compliance with laws, regulations, and policies.
- Advise management on the company’s compliance with laws and regulations through detailed reports.
- Preparing reports for Security Assessments/Audits.

**Required Skills:**

- Experience in Team and Client Management for assigned domestic or international client / region.
- Should have exposure to an Auditing / Consulting environment for Payment Security audit projects.
- Should possess client management and delivery skills.
- Highly technical with hands-on experience in the latest security trends and technologies plus industry or business evolution.
- Documentation expertise in auditing background.
- Must be open to travel 50% in future (this position may require national or international travel over a period).

**Desired Skills:**

- Working under pressure and delivering as per deadlines.
- Highly analytical with strong attention to detail.
- Problem solving skills and Risk management in a strategic business.
- Ability to accurately complete applications for compliance certification.

**Eligibility**

**Education Requirements:**

- B.Tech/M. Tech / Masters in Information Security or Forensics Analysis preferred.
- CPISI, ISO 270001LA, CISA, CISSP Certification preferred.
Security Analyst - Level 2
**Job Description**

Job brief: We are hiring an Information Security Analyst-Level 2 to work in our growing IT Security team. You will monitor our security alerts, respond to and remediate detected issues, and work with the Incident Management process to remove threats and vulnerabilities within the organization. To do well in this role you should have a bachelor's degree in computer science and experience in the information security field.

Role Purpose: On a daily basis, the Security Analyst- Trainee works within the Synergistic Security Operation Center to monitor security alerts, respond to and remediate detected issues, and work with the Incident Management process to remove threats and vulnerabilities within the organization. This role collaborates with other Information Security and IT Operational teams to maintain a secure environment and for incident response capabilities.

**Roles & Responsibilities:**

- Daily review of security alerts/logs with follow-up on any suspicious activity.
- Perform investigation of network and hosts/endpoints for malicious activity, to include analysis of packet captures, and assist in efforts to detect, confirm, contain, remediate, and recover from attacks.
- Proactively monitor, identify and analyze complex internal and external threats, including viruses, targeted attacks and unauthorized access, and mitigate risk to IT systems.
- Work in concert with team members, Information Security engineering, and relevant Subject Matter Experts to process, analyze and drive the remediation of identified IT-related vulnerabilities.
- Responsible for following the IT Security Incident Response policies and tools.
- Contribute to Information Security policies, standards, and supporting documentation.
- Root cause analysis; troubleshoot complex issues with existing security and privacy protection protocols.
- Responding to inbound security monitoring alerts, emails, and inquiries from the organization.
- Providing support for Incident Response, including evidence collection, documentation, communications, and reporting.
- Maintaining and improving standard operating procedures and processes.

**Eligibility**

**Education Requirements:**

- Bachelor of Engineering (BE) - Computer Science (CS) / Information Science (IS), Bachelor in Computer Application (BCA), Masters in Computer Application (MCA), Masters of Technology (M.Tech), Masters in Computer Science and Information Science, Masters in Forensic Analysis / Cybersecurity
- Certifications: Certified Ethical Hacking (CEH), Cisco Certified Network Associate (CCNA) etc.

**Preferred Skills:**

- Networking concepts
- Information security concepts
- Data analysis
- Linux and troubleshooting and domain knowledge
- Windows and troubleshooting and domain knowledge

**Personal Attributes:**

- Excellent verbal and email communication skills.
- Strong interpersonal and presentation skills.
- Ability to handle difficult situations effectively.
- Ability to analyze and solve complex issues.
- Able to prioritize and execute tasks in a high-pressure environment.
- Keen attention to detail.
- Experience working in a team-oriented, collaborative environment.
- Flexible and multi-tasking ability, coordinating work effort over numerous projects.

**Work Conditions:**

- 24/7 shifts applicable; 3 shifts.
- Strong ability to work and meet demanding deadlines.
- Ability to function in an ambiguous environment. Ability to work outside normal hours and/or locations.
- Some travel may be required for on-site meetings, conferences or training.
Threat Hunter-MDR
**Job Description**

The key role is to continuously detect, analyze and combat advanced threats. The job role includes detecting vulnerabilities and mitigating the associated cybersecurity risk.

**Roles & Responsibilities:**

- Responsible for hunting security threats and identifying threat actor groups and their techniques, tools and processes.
- Provide expert analytic investigative support to L1 and L2 analysts for complex security incidents.
- Perform analysis of security incidents for further enhancement of rules, reports and AI/ML models.
- Perform analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security and application logs, as well as logs from various types of security sensors, uncovering the unknown about internet threats and threat actors.
- Analyze events to differentiate between malicious and benign activity, and analyze malicious code, packet capture files, and artefacts.
- Examine alerts from various security monitoring tools, perform triage and determine the scope of threats.
- Analyze logs, alerts and suspicious malware samples from all GCSOC tools and other security tools deployed, such as Anti-Virus, EDR, IPS/IDS, Firewalls, Proxies, Active Directory, Vulnerability assessment tools etc.
- Using knowledge of the current threat landscape, threat actor techniques, and the internal network, analyze log data to detect active threats within the network. Build, document and maintain a comprehensive model of relevant threats.
- Weekly tactical briefings on threat observations and findings on threats.
- Keep up to date with information security news, vulnerabilities, tools, techniques, exploits and trends.
- Proactively identify potential threat vectors and work with the engineering team to improve prevention and detection methods. Identify and propose automated alerts for new and previously unknown threats.

**Eligibility**

**Education Requirements:**

- Any technical background.
- Certifications: CEH, CISSP (preferred)

**Preferred Skills:**

- Hands-on experience in developing and implementing threat hunting hypotheses for multiple clients.
- Should have executed multiple threat hunts using SIEM logs and other sources.
- Experience converting hypotheses into SIEM queries.
- Should have incident response skills.
- Should have experience working in a SOC environment for a large client.
- Hands-on working experience with any SIEM tool (QRadar / AlienVault / McAfee ESM / DNIF).
- Proven work experience as a Technical Support Engineer, Operation, System Admin or similar role. Good understanding of databases, security products (Firewall, IDS/IPS, AV) and other tech products.

**Desired Skills:**

- Excellent verbal and email communication skills.
- Strong interpersonal and presentation skills.
- Ability to handle difficult situations effectively.
- Ability to analyze and solve complex issues.
- Able to prioritize and execute tasks in a high-pressure environment.
- Keen attention to detail.
- Experience working in a team-oriented, collaborative environment.
- Flexible and multi-tasking ability, coordinating work effort over numerous projects.

**Work Conditions:**

- Strong ability to work and meet demanding deadlines.
- Flexibility to work all shifts, and willingness to assist the team with overtime when needed.
AWS- Cloud Security
**Job Description**

- Minimum 7 years’ experience with 3+ years of hands-on technical experience in solution design of cloud environments and security systems.
- Design, implement, and manage new cloud security technologies on AWS.
- Experience in configuring and monitoring systems and applications security in cloud environments.

**Roles & Responsibilities:**

- Experience in creating cloud solutions in security technologies including Security Information and Event Management (SIEM), Network Security, Cloud Security, Firewalls, Intrusion Detection / Prevention, DDoS Protection, Patch Management, Data Loss Protection, Application Security and Identity and Access Management.
- Experience with AWS security services like WAF, GuardDuty, Config, Inspector etc.
- Familiarity with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing such as GDPR, ISO 27001, ISO 27017, PCI DSS and NIST 800-53.
- Detailed knowledge of sustainable and risk-based security cloud controls.
- CCSP, CCSK or equivalent cloud security certification is preferred.

**Eligibility**

- Bachelor’s or Master’s degree in Engineering, Computer Science, Information Science, Computer Applications or similar technical education.
Project Analyst - US
**Job Description**

We are seeking a Project Analyst with proven techno-managerial skills to successfully plan, design and execute cybersecurity project delivery in the PCI domain for key clients.

**Roles & Responsibilities:**

- Design comprehensive project plan documents.
- Manage successful execution of the projects with defined milestones.
- Navigate the project progress as per defined SLAs, documenting progress at every stage.
- Participate in regular team meetings and contribute, including but not limited to capturing meeting minutes, updating compliance milestone status, and following up on action items and deadlines.
- Resource allocation and management to meet pre-defined project timelines as per plan.
- Deliver status updates and progress briefings; flag hurdles to the right SPOCs and drive resolution.
- Coordinate collection of project documentation (questionnaires, evidence documents, network diagram, credit card flow diagrams, remediation plans, etc.).
- Set up monthly touch down meetings between client Senior Management & SISA.
- Ensure all queries/issues raised by the client are resolved within defined SLAs.

**Skills Requirements:**

- 6 years' expertise in end-to-end project delivery management in the IT services domain
- Preferred technical education background
- CAPM or similar Project Management certification is desired
- Stakeholder navigation and interaction including C Level executives
- Experience in resource planning and strategic planning for successful project execution
- Deliverables: SLA Documents, Project Plan Document, PCI documentation (questionnaires, evidence documents, network diagram, credit card flow diagrams, remediation plans, etc.)
- Excellent written and verbal communication skills
- Ability to build and maintain relationships across diverse teams
- Proficient at handling technical and security related topics
- Ability to analyze and articulate implications of compliance requirements

**Other requirements:**

- Will work as per CDT/CST (US) time zone and be based out of US / Canada
- This role is open only to US / Canadian Citizens and GC holders

**Eligibility**

- Bachelor's Degree
Project Leader - Cyber Security
**Job Description**

Project Leader is a techno-managerial role that will oversee a wide variety of projects for the Network & Application security project verticals (Net Sec & App Sec Assignments). He / She will be involved in the conceptual design, project planning and execution of projects. He / She will also be responsible for managing the current projects which are at various stages of the project life cycle.

**Roles & Responsibilities:**

- Managing the customer relationship end to end from a Project Management and Technical SME perspective.
- Forecasting customer, technical and internal resource challenges and resolving them within the SLA defined between SISA and the customer.
- Developing and managing comprehensive project plans with distinct timelines, prioritizing customer requirements with SISA’s Brand Promise and coordinating with various managers and technical personnel during all project phases, from initial planning, designing and development through implementation.
- Monitor project progress continuously and present detailed progress reports on milestones, project status, timelines, dependencies, resource utilization, challenges and deliverables.
- Encouragement of internal personnel, problem management, solution creation and implementation of efficiency improvements.
- Analysis of project plans and providing actionable feedback relating to cost benefit and return-on-investment standards.
- Review proposed modifications to project plans, including meeting with stakeholders (internal and customers) for executive project reporting and for implementing beneficial changes.
- Managing resource requisition, tools, trainings, travel and other material requirements as needed before and during projects by talking with customers, team members, managers, and in-house stakeholders, and negotiating price and payment agreements with vendors.
- Learning and development of internal team members and themselves, based on applicability and the latest technologies/research.

**Eligibility**

- B.E / B.Tech + MBA or B.E / B.Tech + PGDM
QSA Consultant
**Purpose of the Role:**

We’re looking for a competitive, hard-working, and goal-oriented QSA Consultant to become a part of our North America Team. As a QSA Consultant, you’ll be responsible for assessments and the identification of gaps in cybersecurity and PCI Security Standards to validate an entity’s adherence to the Payment Card Industry Data Security Standard (PCI-DSS). The main objective of this role is to satisfy all QSA Requirements and deliver PCI assessments within a team.

**Roles & Responsibilities:**

- Identifying, collecting, organizing, and reviewing pertinent evidence across multiple platforms and applications to determine compliance with relevant PCI DSS controls.
- Validating the scope of the Cardholder Data Environment (CDE) as determined by the assessed organization.
- Conducting an on-site assessment, examining the CDE which is in scope.
- Assessing with a sampling approach (as approved by the PCI DSS Audit standard) and selecting employees, facilities, systems, and system components that accurately represent the assessed environment and are in scope.
- Evaluate compensating controls as applicable.
- Providing an opinion on whether or not the assessed organization is compliant and meets PCI DSS Requirements.
- Draft and generate a ROC effectively based on the assessment findings.
- Based on the assessment and validation of the findings, provide an AOC to the assessed organization’s PCI DSS compliance status.
- Maintaining documents, paperwork, and recordings of interviews that were collected during the PCI DSS Assessment as evidence and using them to validate the findings.
- Applying and maintaining independent judgment in all PCI DSS Assessment decisions.
- Conducting follow-up assessments as and when needed.
- PCI SSC periodically performs QA reviews on a QSA’s ROC to ensure that the documentation of testing procedures performed is sufficient to support the results of the PCI DSS Assessment.

**Required Skills:**

- Minimum two years' experience as a Qualified Security Assessor actively performing PCI assessments and/or remediation engagements.
- Demonstrated ability to work independently as well as in a team to meet delivery obligations.
- Demonstrated effective communication skills, both written and verbal.
- Effective presentation skills.
- Ability to travel as required for projects.

**Desired Skills:**

- Acting as the subject matter expert to answer questions and educate customers about the PCI DSS.
- Strong experience working with Microsoft Excel, SharePoint, GRC tools, etc.
- Writing detailed technical reports and supporting documentation for the customer and the card brands.
- Creating and presenting executive reports across multiple organization leadership levels.
- Scheduling and leading technical interviews with various customer groups and subject matter experts.
- Providing reports and metrics to the client on gaps, remediation efforts, clarifications, etc.

**Education Requirements:**

- Technical education background of B.Tech in Cyber/Information Systems/Information Security or similar
- Certifications: PCI QSA, Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified ISO 27001 Lead Implementer, Certified Information Systems Auditor (CISA)

**Personal Attributes:**

- Strong client relationship building / interpersonal skills
- Ability to self-motivate and open to manage complex projects with multi-tasking.
- Excellent organizational skills; high ethical quotient
Network Security - Alpha
Job Description

We are looking for a passionate Info Sec Pen Testing Consultant like you, having experience in external and internal vulnerability assessment and penetration testing. You will be part of SISA’s Delivery team and will work in collaboration with other Info Sec and IT Operational teams to maintain a secure environment and incident response capabilities. This is a fantastic opportunity to be part of a leading Cybersec firm whilst being instrumental in the growth of our service offering.

Roles & Responsibilities
- Periodically perform system and application VAPT (Vulnerability Assessment and Penetration Testing) using automated and manual approaches
- Perform asset and network discovery activities, helping ensure full coverage of the vulnerability discovery.
- Prioritize remediation activities with operational teams through risk ratings of vulnerabilities and assets
- Identify and test vulnerabilities in the areas of information system and network security.
- Conduct and compile findings on new vulnerabilities and new tools for departmental use
- Create project deliverables/reports and assist the immediate supervisor during submissions and client discussions
- Perform assessments related to Red Teaming, Network Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Secure Code Review, AD Security Assessments, Vulnerability Management, Social Engineering Assessments, Wireless Penetration Testing.

Eligibility Qualifications:
- Bachelor of Engineering (BE) – (CS) / (IS), Bachelor in Computer Application (BCA), Masters in Computer Application (MCA), Masters of Technology (M Tech), Masters in Computer Science and Information Science, Masters in Forensic Analysis / Cybersecurity.
- Certification: CEH/ECSA/CompTIA Security+ certification is desirable. eJPT or any other industry-recognized security certification is a plus.
Required Skills:
- Hands-on experience with Vulnerability Assessment and Penetration Testing of thick & thin client-based applications, operating systems, edge devices and firewalls.
- Research, recommend, evaluate and implement information security solutions that identify and/or protect against potential threats, and respond to security violations, misuse of resources or noncompliance situations using defined escalation processes
- Strong experience of using open-source tools and commercial tools such as, but not limited to, Burp Suite, Metasploit, Nessus, Acunetix, Checkmarx, and Nexpose with operating systems Windows and Linux.
- Expertise and experience of conducting VAPT (Vulnerability Assessment and Penetration Testing) as per standards such as OWASP Top 10, SANS Top 25 and WASC, NIST.
- Perform research on new vulnerabilities, attack vectors, exploits, tools and industry trends services.
- Provide offsite and on-site consulting services to our customers.
- Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates.
- Familiarity with the basics of TCP/IP and networking principles.
- Extensive working knowledge of operating systems: Windows NT/2K3/XP and Linux or any Unix OS.
- Knowledge of computer networks, system security, firewalls and vulnerabilities.

Personal Attributes:
- Excellent verbal and email communication skills
- Ability to effectively handle difficult situations
- Able to prioritize and execute tasks in a high-pressure environment
- Escalation management and de-escalation skills
- Keen attention to detail
- Problem-solving skills
- Relationship-management skills and team management skills
Marketing Operations-Content Writer
Purpose of the Role: We’re looking for a competitive, hard-working, and goal-oriented marketing operations candidate to become part of the SISA Institute team. You’ll be responsible for developing content assets like Blogs, White Papers, Case Studies and Customer Success Stories, Sales Presentations, Collateral, Webinar presentations and Branding activities. The individual should have a minimum of 1-3 years of experience in content writing with excellent written and verbal communication along with analytical skills. The individual should also be good at secondary research to understand the market trends and come up with highly relevant content pieces. Preference will be given to individuals who have experience in the Information Security domain and knowledge of SEO/SMM.

Roles & Responsibilities:
- Create and draft content for SISA’s Training Vertical in terms of creating collaterals, technical content, content for social media, preparing sales team content in terms of market positioning, creating infographics for workshops, etc.
- Plan the content calendar, coordinate cross-functional activities and planning processes, manage timelines, and ensure timely completion of all deliverables.
- Maintain professional and technical knowledge by attending educational workshops, reviewing professional publications, establishing professional networks, benchmarking state-of-the-art practices, and participating in professional societies
- Monitor market trends, research consumer markets and competitors’ activities
- Provide reporting on workshops and activities

Visit us: www.sisainfosec.com
Email resume to: [email protected]

Required Skills:
- 1-3 years of Technical Content Writing experience
- Experience in writing content for marketing collateral such as brochures, e-mailers, ad copy, etc.
- Excellent overall writing skills in a number of different styles/tones
- Performs other duties as necessary to support the objectives of division and company
- Impeccable spelling and grammar
- Creative thinking and ability to contribute to the ideation process
- Familiarity with keyword placement and other SEO best practices

Education Requirements:
- MBA in Marketing or Mass Communication
- Preferred technical educational background
- Exposure to content writing for IT/Software products & solutions
- Certification in Digital Marketing

Personal Attributes:
- Excellent communication skills, both written and oral
- Strong attention to detail
- Must be comfortable writing for B2B segment
- Should be able to thrive in a fast-paced environment and juggle multiple projects at a time
- Ability to adapt and work well with people and teams
- Up to date with trends, social