Preferred qualifications:
The team members shall prepare the assessment plans, test cases, and test scenarios to perform the penetration testing. Experience in web application, infrastructure and network Vulnerability Assessment & Penetration Testing.
Experience in Vulnerability Assessment and Penetration testing using industry standard tools such as Vulnerability Scanners for e.g. Qualys, Nessus, Nexpose, Acunetix, Metasploit, Burp Suite Pro, Netsparker etc.
Experience in using security frameworks such as Metasploit, Kali Linux, OSSTM etc.
Experience in using security frameworks such as MITRE, Metasploit, Kali Linux, OSSTM etc
Experience and knowledge of Red-teaming, Penetration testing of servers, and any assets (OS, infra & network)
The candidate should be able to carryout network testing, phishing, wireless and physical attack, threat modeling, mitigation strategies, conduct simulated attacks, identification of rouge devices, cyber war games, password cracking, lateral movement, data exfiltration PowerShell exploitation, Pass the hash, Kerberoasting, scripts, virtualization attacks
Experience and knowledge of Penetration testing of servers, and any assets (OS, infra & network)
Experience and knowledge of Web Application Security standards such as OWASP/SANS etc.
The Security Test Engineer should have the ability to stay organized, and possess excellent communication skills.
The security test engineer will be part of the audit team that shall conduct security audits for the clients in order to identify the gaps in terms of web security,
Skill in the following:
Conducting vulnerability scans and recognizing vulnerabilities in security systems assessing the robustness of security systems and designs
Network analysis tools to identify vulnerabilities
Maintain awareness of vulnerability information, complexity to exploit, and exploit availability or feasibility to create an exploit.
Should be good at Intelligence gathering by Passive Reconnaissance to extract sub domains, hosts using OSINT tools such as recon-ng, the Harvester, etc
Exploiting OS misconfigurations and local process vulnerabilities to gain privileged access on target server
Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to a level acceptable.
Creation of vulnerability metric and remediation-related dashboards and reports.
Understands and advises on enterprise policies and technical standards with specific regard to vulnerability assessment and penetration testing.
Liaise with stakeholders to understand, prioritize, and coordinate vulnerability remediation activities.
Sound knowledge/ awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis).
Ability to fully understand business requirements and work with business partners to define appropriate solutions, meeting both security mandates and business needs.
Engage cross-divisional teams and oversee the implementation of security recommendations by leveraging appropriate communication methods, tracking remediation of identified risks, mitigation strategies, plan activities and dependencies.
Working knowledge of the following:
Cybersecurity principles
Security source code review vulnerabilities
Cyber threats and vulnerabilities
System and application security threats and vulnerabilities
General attack stages (e.g., foot printing and scanning, enumeration, gaining access)
Escalation or privileges, maintaining access, network exploitation, covering tracks)
Ethical hacking principles and techniques; penetration testing principles, tools, and techniques
Use of penetration testing tools and techniques and social engineering techniques
Ability to effectively prioritize and execute tasks in a high-pressure environment.
Must be adaptable to changes in the work environment, comfortable with multiple competing demands and able to deal with frequent change, delays or unexpected events in a calm and logical manner.
Minimum qualifications:
Bachelor's degree or equivalent practical experience.
8+ years of relevant work experience within areas of application security testing
Previous experience with systems administration and/or programming.
Preferred certifications:
Offensive Security Certified Professional (OSCP)
CEH – Certified Ethical Hacker
LPT
Certified Red Team Professional
OSCE
--
You must verify your mobile number to apply to this job.