About this role
Grade: E4

JD:

Security Objectives and Security Assessment for 11x, 12x and PrimeStone Solutions
• Understand Trilliant’s product lines and assess security challenges.
• Vulnerability management: triage and manage vulnerabilities identified through scanning and manual efforts.
• Work closely with other teams to develop and promote security architectures to protect microservices, serverless, containers, application development and operations practices.
• Utilize threat modeling concepts and frameworks such as MITRE ATT&CK, STRIDE, etc. to continually identify ways to protect and defend Trilliant Solutions by executing attacks that emulate a range of adversaries.
• Ensure compliance with information security practices and standards to reduce the likelihood of breaches, audit findings, and regulatory and legal liabilities.
• Define and own metrics and key performance indicators to determine the effectiveness of the Security Automation program.
• Identify complex security vulnerabilities and exploit them before an external attacker can exploit them.
• Leverage SAST and DAST tools such as BurpSuite, Tenable, etc. to perform penetration testing on Trilliant platforms including Prime Analytics and Prime Read.
• Test Trilliant platforms against the OWASP Top 10 and other similar frameworks to identify vulnerabilities and threats.
• Leverage APIs for off-the-shelf and common security and IT tools to gather data for analytics.
• Ingest data from different sources, such as the Tenable API, SonarQube API, threat models, etc. to build a data processing system for reporting and analytics.
• Present dashboards and ad hoc analyses to key stakeholders in order to increase adoption and understanding of key performance indicators (KPIs) and business drivers.

Vulnerability Analysis and Penetration Testing
• Execute security test activities such as SAST, DAST, SCA, etc. on Trilliant Solutions and provide a threat summary to stakeholders.
• Develop and deliver a framework for performing threat modeling, risk, and vulnerability assessments of prioritized Trilliant systems and environments.
• Work with program teams to mitigate identified threats raised as part of threat modeling and penetration testing activities.
• Perform and deliver recurring security audit reports on Trilliant solutions including 12x, uHES and Prime Analytics.
• Perform and deliver VAPT regression reports on Trilliant solutions including Prime Analytics, and work with program teams to mitigate and retest the identified risks.
• Deliver a data-driven security dashboard to reflect the security posture of the solutions.
• Perform vulnerability and penetration tests of Trilliant systems, services, cloud infrastructure or applications to discover vulnerabilities.
• Document and publish high-risk vulnerabilities and the security posture of Trilliant Solutions.
• Identify test cases ideal for automation and provide effective inputs into automation requirements.
• Leverage automation to scale penetration testing capabilities across Trilliant solutions (as applicable).
• Contribute to requirements analysis, design, development, and adoption of security automation.