Senior Threat & Vulnerability Advisor Job Vacancy in Shell Bengaluru, Karnataka – Updated today
Are you looking for a New Job or Looking for better opportunities?
We got a New Job Opening for
Full Details :
Company Name : Shell
Location : Bengaluru, Karnataka
Position :
Job Description : The Role
General Position Definition
General Position Definition
The purpose of the IRM Function is to ensure (as a second line of assurance, with Internal Audit providing the Third Line of Assurance) that Shell is addressing Information Risks in an effective and efficient manner, commensurate with Shell risk appetite, and being seen as an industry leader among peers and key suppliers of security services.
The Information Risk posture of Shell includes a wide variety of potential business impacts, such as HSSE impacts, production loss, financial and maintenance operations loss, loss of Most Confidential bidding data. Each of these Information Risks has a potential impact of $1bln+.
The IRM Function defines requirements for the assessment of Information Risks, defines the selection of mandated IT Controls, and defines and executes assessments of the design and operational effectiveness of these controls. The function organises communication campaigns to impact the behaviour of business and IT staff where it relates to Information Risks.
In addition to these preventative measures, the IRM Function includes a Cyber Resilience function to understand the cyber threat landscape and the vulnerabilities to cyberattacks in IT systems and services, to detect malicious behaviour and to respond to incidents.
Organisationally, the IRM Function reports to the Group CIO. The IRM Function consists of a central team with the Strategy, Learning, Risk and Transformation teams. The IRM Function in the IT Operations Organisation (IDSO) consists of the Detect and Respond Teams and there are business specific teams in each Business and in Global Functions IT.
Given the Cyber threat landscape and its development, it is critical that the IRM Function collaborates closely with suppliers and industry peers and collaborates effectively with government agencies in key countries that Shell operates in.
Position description – Purpose
Purpose
As businesses leverage digitalization opportunities, their cyber-attack surface structurally increases, which can lead to business disruptions, data breaches and brand damage. High profile industry incidents show that these risks are real, and this has turned cyber resilience into a topic for Boards.
Cyber attacks can cause damage to reputations, destruction of assets and loss of information. Shell is taking action to detect and respond to the continuous flow of these types of attacks.
As part of the Information Risk Management function, the CyberDefence capability has specific focus on identifying cyber threats, discovery of IT vulnerabilities, monitoring for cyber intrusions and response to security incidents.
As part of the CyberDefence capability the Vulnerability team has the following main areas of focus:
To find major vulnerabilities in IT landscapes where Shell data is hosted before they are being exploited for malicious purposes.To prioritize and help remediate vulnerabilities as soon as possible where required.To raise awareness of vulnerabilities through prioritized overviews of Cyber vulnerabilities in a context of IT services and Business applications.
As Senior Threat and Vulnerability advisor in this team you are responsible:
To plan, scope, execute and report on realistic Cyber attack simulations.To help setup automated asset discovery and vulnerability scanning on Shell It landscapes.To close high risk vulnerabilities as soon as possible and register other vulnerabilities for risk priorization and remediation where required.To create a prioritized overview of Cyber vulnerabilities and put this in a context of IT services and Business applications.
Position description – Accountabilities
Accountabilities
Asset Discovery
Setup and lead adequate discovery of new Shell IT assets in Shell’s legacy IT network, new Cloud environments and PCD and Retail environments.Ensure visibility in new areas such as Internet of Things and Cloud and investigate possibilities to keep track of IT assets.
Automated Vulnerability Scanning
Maintain a portfolio of tools for automated vulnerability scanning with a focus on Business Critical systems and systems that are available from the public Internet.Setup regular scanning and make results available for further analytics in IRM investigation platform.Take appropriate action on vulnerabilities where required.
Realistic Cyber Attack Simulations
Help create the plan to perform a minimum of 4 realist Cyber attack simulations in which prevent, detect and response capabilities are tested.Find appropriate sponsors for these tests and report the results in a way that is appropriate for audiences such as IRM LT and IDSO LT.
Security Posture Reporting
Use the results from asset discovery, vulnerability scanning, penetration testing and attack simulation to provide a overviews of vulnerabilities in Shell IT landscapes for different stakeholders including IRM LT and IDSO LT.Create specific reports for Business, Business Critical applications, IDSO service lines, External perimeters etc.
Generic
Lead improvement projects in the Vulnerability areaCoach and teach more junior team members to increase the knowledge within the team
Generic
Act as a Subject Matter Expert on implications of a vulnerability in an IT system and establishing the priority of applying security patchesHelp creating prioritized overviews of Cyber vulnerabilities and putting these in a context of IT services and Business applications.Take mitigating actions coming out of identified threats or vulnerabilities either directly by the team or agree the actions with other parties in Shell
Position description – Dimensions
Dimensions
This is an IDE-4 individual contributor role reporting to the Vulnerability lead.
Senior Threat & Vulnerability Advisor is part of a team of 3 Vulnerability analysts in in Rijswijk and 5 Penetration testers in Bangalore.
Position description – Special Challenges
Special Challenges
Realistic Cyber attack simulations are new in Shell and need to be carefully thought through to prevent Business disruption.
Position description – Additional comments
Additional comments
Due to the necessary handling of and access to highly sensitive and privileged information, the successful applicant of this position will need to agree to additional screening being conducted, before appointment. This would include the confirmation of CV, identity, right to work and qualifications, as well as checking additional items such as company directorships, credit/bankruptcy check and criminal record, as allowed under local legislation.
Experience and Qualifications required
Experience and Qualifications requiredOver all 9 – 13 years of experience in IT.Any Graduate
Is a knowledgeable, creative and responsible IT security professional.
Has excellent analytical skills and appreciates a technical challenge.Has a good technical understanding of and experience with IT networks, infrastructure and applications.Has a passion for IT technology and is able to share that with other members of the team.Has good written and verbal communication skills and provides well-informed advice.Produces high quality deliverables in terms of both content and presentation. Examples of deliverables include: reports, presentations and reasoned arguments.Carries out assignments and projects, alone or as part of a team, applying knowledge, skills, and experience.Demonstrates an understanding of the issues of interest to Shell and proposes viable solutions within the scope of own expertise, taking into account the needs of those affected.Maintains knowledge and experience of current practice within own area of expertise and is aware of current developments within own area of expertise.Develops and maintains knowledge of Cyber security and maintains an awareness of current developments.Promotes transfer of knowledge and awareness of information security to those in related areas.Is comfortable working virtually.Is able to think and act like a hacker using his creativity to bypass IT defences.Has at least 5 years experience in IT security and preferably 2 years experience in attack and penetration testing/ethical hacking or technical IT audits.Preferably has performed penetration testing on IT infrastructure, web applications and mobile platforms.Has a solid understanding of IT networks and operating systems such as Windows and Unix/Linux.Has experience with analysing network traffic using tools such as tcpdump, wireshark.Has experience using open source scanning tools such as nmap, nessus, metasploit and/or commercial tools such as Rapid7, Quallys.Has experience with scripting tools and programming languages such as Perl, Python, C, C++, VBS, Java and analytical and reporting tools such as Excel, SharePoint and preferably Splunk.Has relevant certifications such as, CISSP, SANS and recommended:SEC 560: Network Penetration Testing and Ethical HackingSEC 542: Web App Penetration Testing and Ethical HackingGWAPT: GIAC Web Application PenetrationOffensive Security Certified Professional – OSCP CertificationOffensive Security Wireless Professional – OSWP CertificationOffensive Security Certified Expert – OSCE CertificationOffensive Security Exploitation Expert – OSEE CertificationOffensive Security Web Expert – OSWE Certification
Hands on knowledge experience on OWASP top 10(Xss, SQL injection, CSRF etc) , SANS 25 vulnerabilities
Expertise in Application security, guiding developers and application teams on vulnerability remediation.
Expertise in operating Application security tools like Rapid7 Appspider, Netsparker
Knowledge on CI/CD pipeline able to understand the integration of security tools and guide the developers
Understanding of Application security design and providing guidance to developers on secure design
Good understating of SAST/DAST concepts and process
Knowledge on Mobile DAST scanning and vulnerabilities and remediation consultation
Knowledge on Splunk, basic querying and creating dashboards
Good communication skills to articulate and communicate with stake holders
Good reporting and presentation skills
Disclaimer
Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date. Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Royal Dutch/Shell Group companies around the world. The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand. Shell is an Equal Opportunity Employer.
This post is listed Under App Development
Disclaimer : Hugeshout works to publish latest job info only and is no where responsible for any errors. Users must Research on their own before joining any company