Roles and Responsibilities:
- Provide innovation within the context of the Vulnerability and Penetration Testing (VAPT) program in relation to both process and technology.
- Design, implement, and support VAPT solutions identified as necessary for the protection of the organization's assets.
- Serve as a Subject Matter Expert (SME) for the VAPT function.
- Serve as the system owner for common VAPT toolsets, platforms, and processes.
- Assess the sufficiency of policies, standards and procedures relative to VAPT best practices. Author standards and procedures designed to continually improve security posture.
- Perform authorized attack surface reviews and penetration tests against specific targets at the direction of the CISO.
- Provide input into security risk assessments by leveraging specialized knowledge.
- Work with DevSecOps team for continuous analysis and improvement.
- Report compliance failures to management for immediate remediation.
- Mentor junior members of the VAPT group and provide constructive consultation to other peer groups such as IT Development.
- Assist the Chief Information Security Officer in the fulfilment of responsibilities.
Desired Candidate Profile:
- Graduate/Post Graduate degree in Information management and security (pref. B.Tech/M.Tech/MS)
- 5+ years of professional experience in information security with a focus on vulnerability assessment and penetration testing.
- Extensive experience with common automated VAPT tools such as Nessus, AppScan, Burp Suite, Nipper, etc. Proficiency with other common attack tools and frameworks such as Wireshark, Kali, Metasploit, etc.
- Ability to validate the presence of identified vulnerabilities with accuracy.
- Must have the ability to perform targeted penetration tests without use of automated tools.
- Capable of providing assistance with the preparation of internal training materials and documentation.
- Passionate about the practice and pursuit of VAPT excellence.
- Knowledge of cloud technologies and cloud hosting (nice to have)
- Relevant certifications (CEH, ECSA, OSCP, OSCE) are an added advantage.
KEY COMPETENCIES/SKILLS REQUIRED:
VAPT, Configuration Reviews, Network Architecture reviews, Ethical Hacking