Roles & Responsibilities
- Execute client engagements in application security assessments, source code review, infrastructure security penetration testing, and vulnerability assessment on the client's IT infrastructure.
- Profile an application, identify threats, and develop test cases to target the identified threats
- Identify and exploit vulnerabilities in applications and infrastructure
- Prepare reports documenting identified issues based on internal templates
- Interact with clients in a collaborative, consultative manner to deliver results and provide feedback and remediation recommendations on findings
- Act as a consultant/advisor in presenting risk and mitigation controls to the client based on the assessments (Identify potential vulnerabilities based on misconfiguration, policy, or design flaws on the client's IT applications and infrastructure.)
- Act as the technical subject matter expert (SME) for the junior professionals/consultants within the team
Educational Background
B. Sc. (IT) or B.E./B. Tech. or MCA or MBA (Computers & IT)
Preferred Certifications
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- SANS GIAC Certified Penetration Tester (GPEN)
- SANS GIAC Certified Web Applications Penetration Tester (GWAPT)
- Other vendor certifications specific to application and network security
Technical Experience:
Application Security:
Experience in security testing using OWASP Top 10, OSSTMM, SANS 25, and PCI standards as references in web application security assessments.
Profile an application, identify threats, and develop test cases and relevant threat models.
Experience with Source Code Review (manual and automated)
Experience in exploitation of vulnerabilities in applications
Experience in security testing of mobile applications/APIs on Android/iOS/Windows Mobile/BlackBerry
Testing tool experience: Intercepting proxies (e.g. Burp Proxy, Charles Proxy, WebScarab Proxy, Paros Proxy, etc.), HP WebInspect, IBM AppScan, Acunetix, etc.
Code review tool experience (Checkmarx, HP Fortify, Veracode)
Experience with scripting (Python, Perl, Ruby, etc.)
Research emerging security topics and new attack vectors
Network Security:
Tool Experience: Nessus, Nmap, SuperScan, THC Hydra, JTR, ISS, AppScan, AppDetective, QualysGuard.
Experience in Penetration Testing of networks/infrastructure and exploitation techniques
Technologies like IPsec, SSL, SSH, VPN, DNS, SMTP, FTP
Strong technical skills and project management skills in handling multiple Vulnerability Management assignments.
Skills & Ability:
- Good written and oral communication skills
- Manage project timelines, deadlines and expectations - including client interactions
- Basic Project Management skills
- Understand and be able to reason about the business, as it relates to their area of expertise. Translate complex technical concepts for the understanding of non-technical people
- Team Management skills
- Organising Skills (Reporting, timeline management, etc.)
- Project Management skills
- Should be open to travel.