PwC - Cyber Security Professional - Vulnerability Assessment & Penetration Testing

Responsibilities:

- Conducting Vulnerability Assessment and Penetration Testing through Automated tools and providing the recommendations toward the mitigation of vulnerabilities

- Conduct Vulnerability Assessments of Network and Security Devices using various open source and commercial tools

- Map out a network, discover ports and services running on the different exposed network and security devices

- Conduct penetration test and launch exploits using Nessus, Metaspoilt, Backtrack penetration testing distribution tools sets

- Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption.

- Analyze scan reports and suggest remediation/mitigation plan

- Keep track of new vulnerabilities on various network and security devices for different vendors

- Review software posture and work with operations to plan code version upgrade requirements of supported security and network devices

- Advanced technical analysis on intrusions

- Audit configuration of Network and Security devices

- Providing rich client specific reports

- Experience in network vulnerability scanning penetration testing

- Experience with Nessus NetCat, NMAP Backtrack, Metasploit,, HPing, and similar tools set like retinas, Qualys, McAfee (Foundstone)

Core Skill Set required:

- Overall experience in the field of Information risk and security related initiatives/ projects

- Ability to understand business concepts and integrate business risk elements into security operations.

- Good communication and interpersonal Skills

- Experience in conducting VAPT

- Experience of working independently & as a team player

- Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Webinspect, Accunetix, NTO Spider, Burpsuite Pro)

- Strong ethics and understanding of ethics in business and information security

- Should have exposure to Code review, Network VA/PT and App VA/PT work

- Understanding and familiarity with common code review methods and standards

- Experience with code scanning toolsets such as Fortify and Ounce

- Knowledge of OWASP tools and methodologies

- Understanding of HTTP and web programming

- Knowledge of common security requirements within ASP.NET application

- Knowledge of standard SDLC practices

- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering)

- In-depth understanding of Common Vulnerability Exposure (CVE)/ Cert advisory database

Qualifications:

- Bachelors in Engineering, BTech/BE, BCA

- Masters in Business Administration/ Masters in Software engineering/ M.Tech / Masters in Cyber Law

- Professional certifications - CISA/ CISSP/ CISM Preferred