Amla - IT Security Specialist - VAPT

Description :COMPANY OVERVIEW :Amla Commerce is a global software company that has grown out of the belief that ecommerce software should enable sustainable growth.Amla has two products, Artifi Labs and Znode.Artifi Labs is an ecommerce product customization platform that allows shoppers to personalize, customize and configure products.Znode is an enterprise, B2B ecommerce platform with a rich set of built-in features to easily manage content, site search, product information, and multi-store functionality.At Amla, we are building something special.Awesome ecommerce software and a great place to be yourself.Dont be surprised if you smell beer on Friday afternoons.We put passion into our work but enjoy cracking jokes along the way.Our teams tackle complex challenges and work together to create innovative solutions, and we celebrate every little victory along the way.If youre ready to tackle opportunities that will help grow your career while joining a team thats more like a family, Amla is waiting for you.Job Summary :Amla Commerce is looking for an experienced IT Security Specialist to join our team and contribute to the security of our infrastructure and web applications.The ideal candidate will have a strong background in infrastructure security, manual penetration testing, vulnerability assessment, and web application security.Key Responsibilities :- Conduct manual penetration testing of infrastructure systems, networks, and applications to identify security vulnerabilities and potential risks.- Utilize various penetration testing tools such as Nmap, Nessus, Burp Suite, Owasp Zap, and Metasploit Framework to identify and exploit vulnerabilities.- Perform vulnerability assessments using both manual approaches and vulnerability assessment and penetration testing (VAPT) tools like Nessus, OpenVAS, and Qualys.- Collaborate with the development team to enhance the security of web applications by implementing secure coding practices and addressing OWASP Top 10 vulnerabilities.- Configure and manage web application firewalls (WAF) to protect against common web-based attacks.- Implement and maintain infrastructure firewalls, ensuring that proper configurations are in place to protect the network and systems from unauthorized access.- Manage IP access control lists and handle blocking/unblocking requests as per security policies.- Ensure compliance with SOC (Security Operations Center) standards and participate in audits and assessments.- Provide end user system security by deploying and managing antivirus solutions, conducting security awareness training, and responding to security incidents.- Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices to proactively identify potential risks and recommend mitigation strategies.Qualifications :- Bachelor's degree in Computer Science, Information Technology, or a related field.- Minimum 2 Years of relevant work experience.- Relevant certifications such as CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), CISSP (Certified Information Systems Security Professional), or CompTIA Security+ are preferred.- Proven experience in infrastructure security, manual penetration testing, vulnerability assessment, and web application security.- Strong knowledge of penetration testing tools and frameworks, including Burp Suite, Owasp Zap, and Metasploit Framework.- Familiarity with OWASP Top 10 vulnerabilities and best practices for securing web applications.- Experience with IDS/IPS tools for monitoring and preventing intrusions.- Familiarity with wireless/Wi-Fi security protocols, encryption standards, and best practices.- Knowledge of network and system security protocols, technologies, and best practices.- Strong problem-solving skills and ability to think strategically about security risks and solutions.- Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams and stakeholders.- Web application Vulnerability assessment and Penetration testing.- Infrastructure, network and Servers Vulnerability assessment and Penetration testing.- Worked on tools like, nmap, Metasploit, Burp Suite, Nessus, etc.- Knowledge of OWASP Top 10 and SANS Top 25 vulnerabilities.- Nessus reports analysis to cross verify false positives by doing POC.- BurpSuite report Analysis to cross verify false positives by doing POC.Nice-to-have's :- Experience with IDS/IPS tools for monitoring and preventing intrusions.- Familiarity with wireless/Wi-Fi security protocols, encryption standards, and best practices.- Knowledge of network and system security protocols, technologies, and best practices.- Worked on WAF like Cloudflare, Imperva, etc.- Implement and maintain infrastructure firewalls, ensuring that proper configurations are in place to protect the network and systems from unauthorized access.- Relevant certifications such as CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional). (ref:hirist.tech)