Information Security Analyst

The Information Security Analyst will lead the efforts to secure the Amdocs ecosystem by guiding and monitoring the different IT/ Product/ Business teams to ensure organizational security, by designing a secure architecture of software products/ conducting risk and threat analysis/ analyzing and managing a secure solution in the domain of infrastructure/ application while responding to specific stakeholders questions.

As an Information Security Analyst, candidate must focus on identifying and assessing vulnerabilities in software systems, Networks and mobile based application.
The major focus will be on Application Penetration testing followed by Network Penetration Testing and Mobile Security assessments.
Experience to work closely with Application Developers/architects to track the security defects to closure
The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation & presentation to stakeholders along with operation and construction of tools to assist in these tasks.
To actively contribute to the Vulnerability management efforts of the organization via developer query resolution on vulnerabilities and defect tracking to closure.
Well versed with OWASP - Top Ten and WASC Threat Classifications
Expertise in Vulnerability Assessment and Penetration Testing of Web Applications
Business Logic based application testing
Penetration testing of Mobile applications and websites.
Exploitation of the issues found and presenting the impact occurred
Source Code Reviews - Well versed in Java Secure Code Review

Expertise in Automated Scanning using CheckMarx and Fortify
Well versed with OWASP Code Review concepts & identifiers
Familiar with popular tools:
Application Proxy: Burp suite, Paros, OWASP ZAP, WireShark
Vulnerability Scanners: IBM AppScan, HP WebInspect, Nessus, NTO Spider
Exploit Toolkits: Metasploit, Exploit DB etc.

Understanding of the nature and sources of security vulnerabilities, how to identify and exploit them
Strong expertise in security technologies and significant experiences in information technology focusing on security related vulnerabilities
Good to have programming experience in Java, shell scripting, Perl, or Python
Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks.
Application Security Testing/Penetration Testing (Web based, Thick client, web services, Mobile) - Must
Network Security Testing/Penetration Testing (Network, OS, Databases etc.)
Static Code Analysis/ Secure Code Review - Must
Security defect Tracking and working closely with Developers to fix the issue
Bachelors or higher degree in Computer Science or equivalent experience

• You will be able to demonstrates an understanding of key business drivers and ensures strategic directions are followed and the organization succeeds
• You will be able to gathers relevant data, identifies trends and root causes, and draws logical conclusions to develop solutions
• You will have ability to assess details, systems and other factors as part of a single and comprehensive picture
• We are a dynamic, multi-cultural organization that constantly innovates and empowers our employees to grow. Our people our passionate, daring, and phenomenal teammates that stand by each other with a dedication to creating a diverse, inclusive workplace!
• We offer a wide range of stellar benefits including health, dental, vision, and life insurance as well as paid time off, sick time, and parental leave