Project Role: Security Engineer
Project Role Description:
Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people.
Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Security Penetration Testing
Minimum 5 year(s) of experience is required
Educational Qualification: BE/BTech
Key Reponsibilities:
• Solid understanding of OWASP and SANS security testing methodology
• Analyze and interpret security test results to provide recommendations for remediation.
• Knowledge of Secure SDLC and Security standards like CWE, NIST, OSSTMM
• Think critically about complex problems and situations.
• Consider emerging web-based vulnerabilities and threats from within the context of organizational risk and business impact.
• Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.
• Develop and deliver walkthroughs, proof(s) of concept, articles, and formal presentations.
• Execute verification and validation testing for mitigations and fixes.
• Keep up-to-date with security trends and developments, and provide insights to the team.
Technical Experience:
• Experience in performing penetration testing on enterprise networks, web applications, APIs and mobile applications.
• Familiarity with common web vulnerabilities including XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws.
• Experience in testing web-based APIs (REST, SOAP, XML, JSON). Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities.
• Experience in performing Reverse Engineering for APIs and mobile applications.
• Experience developing actionable intelligence based on open-source intelligence (OSINT) gathering.
• Experience with 1 or more scripting languages such as Bash, Python, Perl, PowerShell.
• Experience on both commercial and open-source tools such as Kali Linux, Metasploit, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP and others.
Professional Attributes:
Strong analytical skill with a structured problem-solving approach• Must have good verbal and written communication skill and a good team player• Demonstrated creativity in complex problem solving and ability to work under pressure.• Certified in one of the Industry recognized penetration testing skill (OSCP, LPT, Comptia Pen test+, GPEN, GXPN)
--
You must verify your mobile number to apply to this job.