Job Description :
To operate in Cyber Defence - security service for penetration testing. Proactively discover vulnerabilities and ensure mitigation actions are deployed in the defined time schedule.
To manage and oversee all penetration testing projects, push vulnerability remediation, ensure to meet all defined SLA's and KPI's for the services provided by the teams.
Manage & administrate penetration-testing activities& ensure effective controls are in place to detect vulnerabilities across infrastructure, services and applications.
Execute security assessments and penetration tests to highlight and clearly articulate risk to the business in terms they understand
Create a scope definition of security tests and provide detailed technical reports of security tests with analysis results and recommended action plan for remediation
Create monthly and weekly reports on the Penetration testing activities and Participate in the senior management meeting to update the monthly / weekly status.
Maintain and operate the tools, devices and lab environment needed for security tests
Contribute to the creation and maintenance of Group level policies and guidelines concerning security assessment and testing
Proactively discover vulnerabilities in environments and produce defensive techniques and reports the analysis of vulnerability and remediation action with POC of exploits
Act as primary technical subject matter expert for security testing
Lead and oversee the work of junior colleagues in the team while executing remote or on-site tests
Accountable for the overall test execution, quality of work and deliverables of assigned security test engagements
Hold regular presentations and workshops on new techniques and methods both within and outside of the team
Responsible for the continuous development of security testing services and processes
Perform vulnerability research to identify new, previously unknown and unpublished vulnerabilities
Develop exploits and proof of concept (POC) code to demonstrate the feasibility of certain attacks
Key accountabilities and decision ownership :
a) Impact on the business
Executes security testing for the assets to highlight and clearly an articulate risk to the business.
Participates in the scope definition of security testing and Vulnerability management
Acts as primary technical subject matter expert for security testing.
Accountable for the overall testing infrastructure, testing execution, quality of work and deliverables.
Proactively discovers vulnerabilities in environments and ensure mitigation actions are implemented
Continuously develops security testing services and processes.
Performs vulnerability research to identify new, previously unknown and unpublished vulnerabilities and research and do a POC on exploit codes
Creates detailed technical reports about Vulnerability testing and hand over findings to resolver teams; response to technical queries related to the reports and findings.
Tracks the work of the resolver team. Follows up remediation actions with the local IT security managers.
Collaborate with infrastructure and application owners on security hot-fixes.
Support the cyber incident response team in specified vulnerability discovery and identification tasks during incident response and major security breach and incident management.
Coordinate with stakeholders to develop requirements for service enhancements
Research about new zero-day vulnerabilities, exploitation techniques and ensure tests are targeted to identify the new vulnerabilities in the environment and ensure appropriate mitigation actions are initiated
Documents SOP, KEDB, processes and procedures.
Integrate findings across infrastructure, to provide a holistic security posture for assets
b) Communication :
Good communication skills in order to drive the various operationally required communication processes within the VM Security Infrastructure
Core competencies, knowledge and experience :
Relevant experience in VAPT
Must have industry-recognized security certifications like OSCP
Experience with Information security concepts and design principles.
Familiarity with the Secure Development lifecycle.
Experience in experience in Kali Linux and other penetration testing tools
Should have experience in Operating systems like Linux, Windows, web application, Virtualisation-VMWARE, network / infrastructure security and assessments
Should have hands-on experience in industry-standard tools for port scanning, fuzz testing and vulnerability tests.
Experience in Web Application security testing (Black, White and grey box) and validation of the vulnerabilities.
Knowledge of OWASP, Sandbox, Kali Linux, Burp suite, CVE, SSL PKI,2FA, IAM, Perimeter security, SIEM solutions.
Understanding digital certificates and PKI infrastructure.
Good exposure in Database technologies (SQL, Oracle).
Good Experience in SAST, DAST (web application security),
Knowledge of Mobile application security testing.
Good knowledge of one of the VA tools like Rapid7, Nexpose, QualysGuard, Tenable Nessus, etc.
Experience in reverse engineering is added advantage.
Experience with scripting and programming skills (Python, Powershell, Java, Perl, Ruby, etc).
Updated knowledge of the latest exploits and security trends., Dark Web, MITRE attack framework and kill chain model, APT
Must have technical / professional qualifications : Degree in Computer Science / Information Technology / Engineering or similar