Cloud Infra Penetration Testing Engineer - Software Engineer II | Leading Fortune 100 Global Company | 4 - 6 Years | T881-1244
3d ago

04 : Cloud Infra penetration testing

Qualifications :

Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.

6+ years of IT professional experience, with 4+ years of Information Security experience, including previous experience in cloud infra pen testing

Requirements :

  • Experience in security on cloud: AWS, Google Cloud (GCS), Azure
  • Good understanding of Cloud Assessment Methodology, Infrastructure Cloud Components, Services and Databases in the Cloud
  • Strong background in Kubernetes, Serverless, microservices and Lambda
  • Identifying all possible entry points into the environment: O365, Web Applications, Storage Blobs, S3 Buckets, SQL / RDS Databases, Azure Automation APIs, AWS APIs, Remote Desktops, VPNs, etc.
  • Expert in Authentication and Authorization Testing, including privilege bypass, robust multi-factor authentication policies, etc.
  • Conduct penetration testing to ensure that the virtual machines are protected via Network Security Groups (NSGs, analogous to firewalls) and that their data is encrypted at rest
  • Strong hands-on experience in performing cloud environment related attacks such as Abusing Databases for Privilege Escalation with Redis and NoSQL, S3 bucket configuration and permissions flaws, IAM Privilege Escalations
  • Expert in examining storage blob permissions for any data leakage
  • Hands-on experience in establishing private-cloud access through Lambda backdoor functions
  • Check for proper input validation in Cloud applications to avoid web application attacks such as XSS, CSRF, SQLi, etc.
  • Hands-on experience in tools such as Nexpose, AppThwack and cloud related security tools
  • Ideal candidate will have experience / skills in identifying the following classes of vulnerabilities :

    o Cover tracks by obfuscating CloudTrail logs

    o Targeting and compromising AWS IAM keys

    o Finding and Using Undocumented APIs

    o Azure Active Directory and SAML

    o Windows Containers

    o Backdooring Containers

    o Credential Stuffing and Leveraging Password Methodologies

    o Backdooring Web Applications with Tokens

    o Heavy and Lite Shells

    o Load Balancer and Proxy Abuse

    o Windows Backdoors

  • Certification : CEH, AWS Security, Azure or OSCP relevant security certification