Create technical assessments which details the vulnerabilities, steps to reproduce, and recommendations for remediation.
Coordinate with stakeholders to complete test plans, bug details, and final report for each project.
Recommend technical mitigations for device and systems development teams.
Research, evaluate, document, and discuss findings with project teams and management.
Pinpoint methods and entry points that attackers may use to exploit vulnerabilities.
Recommend improvements for Security policies, and procedures.
Provide security guidance and input to engineering teams during design review and threat modeling.
Stay updated on the latest malware and security threat.
What You Need to Succeed:
BE or M Tech in Computer Science & Engineering / Computer & Information Science.
3 to 4 Years’ experience in penetration testing, security review, analysis, reporting, vulnerability assessment and management.
Knowledge of IoT systems and technologies (device, mobile, web, cloud)
Ability to use security testing tools, such as Burp Suite, Nmap, Nessus, tenable, Qualisys guard, nexpose, rapid7, Metasploit, and others.
Mobile and web development experience.
Exceptional problem-solving skills.
Excellent verbal and written communication skills.
Excellent interpersonal skills.
Certification in a related discipline, such as OSCP, OSWP, GPEN, GWAP or CEH.
Strong programming skills in programming languages like Python, C#, ObjectiveC, Swift, android, angular, C or C++ is desired.
Strong scripting skills is desired.
Experience with static and dynamic code analysis (manual / via tools like Sonar Cube, Check Marx, Fortify) is desired.
Experience fuzzing applications and protocols is desired.
Experience in networking, firewall configuration and deployment along with background in network devices (Firewalls, routers, switches, load balancers, and others) is desired.
Experience in Docker or container security, secure configuration review and CIS benchmarks is desired.
Experience in authentication systems, VPN, MFA, SSO and Secure SDLC and Security standards like OWASP, CWE, NIST, OSSTMM is desired.
Experience in threat modeling IoT products, cloud infrastructure, microservices, etc. is desired.
Knowledge of securing infrastructure, DevSecOps on one or more cloud providers (AWS, GCP, Azure) is desired.
--
You must verify your mobile number to apply to this job.