Job Title

Senior Penetration Tester

Company Name
Sony India Software Centre Pvt Ltd
Job Type
Full-time
Qualification
B.Tech/B.E.
Experience
6 Years  -  8 Years
Vacancies
1
Salary Offered
Not Disclosed
Location
Bangalore, Karnataka, India
Job Description

Experience in the range of 6-8 years. Work timings are 9 AM to 6 PM.
Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network.
Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
Work closely with application, network and infrastructure teams when performing tests against new or existing systems
Use manual techniques to exploit identified vulnerabilities like cross-site scripting, SQL injections, session hijacking and buffer overflows to obtain controlled access to target systems
Validate vulnerability assessment results where appropriate, prioritize the remediation requirements and work with network, infrastructure and desktop teams to address security problems
Perform exploit analysis for identified vulnerabilities manually, with custom scripts, or using tools such as Metasploit
Work closely with the application development teams, technology teams and the other members of the Information Security team to identify and remediate security issues as part of Incident Response
Be a part of the SDLC process for testing of new application systems/infrastructure
Participate in multiple organizational areas such as security architecture and design, service delivery, training and client communication.
Configure and educate on the use of vulnerability assessment scanners (e.g., Qualys, Nessus, Nmap, Metasploit, Snort, Nexpose, etc.)
Create, maintain and report metrics that measure effectiveness of various security controls.
Document areas of significant exposure to information systems and recommend solutions.
Develop and maintain a formal reporting process highlighting results, conclusions, and recommendations which can be viewed by peers and senior management
The ability to articulate risks and findings to management
Experience in preparing a security threat model and associated test plans.
Experience in translating the complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results.
Knowledge of current information security threats. Good understanding of coding best practices and standards.
In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred.
Excellent communication skills both written and verbal.
Critical thinking and good problem-solving abilities.
Organized planning and time management skills are preferred.
Certification in CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable.

Key Responsibilities:
Operate a hands-on role involving penetration testing and vulnerability assessment activities of all types of applications, networks, Web services/APIs and mobile applications/devices.
Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk.
Produce actionable, threat-based reports on security testing results.
Stay abreast of newer trends in tools and technologies used for web application security.

Posted Date
May 04, 2023