Cyber Security Engineer - Penetration Testing (4-9 yrs) Bangalore/Pune (DevOps)
Assort Staffing
2d ago
source :

Job Description :

  • To operate in Cyber Defence - security service for penetration testing. Proactively discover vulnerabilities and ensure mitigation actions are deployed in the defined time schedule.
  • To manage and oversee all penetration testing projects, push vulnerability remediation, ensure to meet all defined SLA's and KPI's for the services provided by the teams.
  • Manage & administrate penetration-testing activities& ensure effective controls are in place to detect vulnerabilities across infrastructure, services and applications.

  • Execute security assessments and penetration tests to highlight and clearly articulate risk to the business in terms they understand
  • Create a scope definition of security tests and provide detailed technical reports of security tests with analysis results and recommended action plan for remediation
  • Create monthly and weekly reports on the Penetration testing activities and Participate in the senior management meeting to update the monthly / weekly status.
  • Maintain and operate the tools, devices and lab environment needed for security tests
  • Contribute to the creation and maintenance of Group level policies and guidelines concerning security assessment and testing
  • Proactively discover vulnerabilities in environments and produce defensive techniques and reports the analysis of vulnerability and remediation action with POC of exploits
  • Act as primary technical subject matter expert for security testing
  • Lead and oversee the work of junior colleagues in the team while executing remote or on-site tests
  • Accountable for the overall test execution, quality of work and deliverables of assigned security test engagements
  • Hold regular presentations and workshops on new techniques and methods both within and outside of the team
  • Responsible for the continuous development of security testing services and processes
  • Perform vulnerability research to identify new, previously unknown and unpublished vulnerabilities
  • Develop exploits and proof of concept (POC) code to demonstrate the feasibility of certain attacks
  • Key accountabilities and decision ownership :

    a) Impact on the business

  • Executes security testing for the assets to highlight and clearly an articulate risk to the business.
  • Participates in the scope definition of security testing and Vulnerability management
  • Acts as primary technical subject matter expert for security testing.
  • Accountable for the overall testing infrastructure, testing execution, quality of work and deliverables.
  • Proactively discovers vulnerabilities in environments and ensure mitigation actions are implemented
  • Continuously develops security testing services and processes.
  • Performs vulnerability research to identify new, previously unknown and unpublished vulnerabilities and research and do a POC on exploit codes
  • Creates detailed technical reports about Vulnerability testing and hand over findings to resolver teams; response to technical queries related to the reports and findings.
  • Tracks the work of the resolver team. Follows up remediation actions with the local IT security managers.
  • Collaborate with infrastructure and application owners on security hot-fixes.
  • Support the cyber incident response team in specified vulnerability discovery and identification tasks during incident response and major security breach and incident management.
  • Coordinate with stakeholders to develop requirements for service enhancements
  • Research about new zero-day vulnerabilities, exploitation techniques and ensure tests are targeted to identify the new vulnerabilities in the environment and ensure appropriate mitigation actions are initiated
  • Documents SOP, KEDB, processes and procedures.
  • Integrate findings across infrastructure, to provide a holistic security posture for assets
  • b) Communication :

  • Good communication skills in order to drive the various operationally required communication processes within the VM Security Infrastructure
  • Core competencies, knowledge and experience :

  • Relevant experience in VAPT
  • Must have industry-recognized security certifications like OSCP
  • Experience with Information security concepts and design principles.
  • Familiarity with the Secure Development lifecycle.
  • Experience in experience in Kali Linux and other penetration testing tools
  • Should have experience in Operating systems like Linux, Windows, web application, Virtualisation-VMWARE, network / infrastructure security and assessments
  • Should have hands-on experience in industry-standard tools for port scanning, fuzz testing and vulnerability tests.
  • Experience in Web Application security testing (Black, White and grey box) and validation of the vulnerabilities.
  • Knowledge of OWASP, Sandbox, Kali Linux, Burp suite, CVE, SSL PKI,2FA, IAM, Perimeter security, SIEM solutions.
  • Understanding digital certificates and PKI infrastructure.
  • Good exposure in Database technologies (SQL, Oracle).
  • Good Experience in SAST, DAST (web application security),
  • Knowledge of Mobile application security testing.
  • Good knowledge of one of the VA tools like Rapid7, Nexpose, QualysGuard, Tenable Nessus, etc.
  • Experience in reverse engineering is added advantage.
  • Experience with scripting and programming skills (Python, Powershell, Java, Perl, Ruby, etc).
  • Updated knowledge of the latest exploits and security trends., Dark Web, MITRE attack framework and kill chain model, APT
  • Must have technical / professional qualifications : Degree in Computer Science / Information Technology / Engineering or similar
  • Apply
    Add to favorites
    Remove from favorites
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Application form