02 : Network infra penetration testing - Lead
Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
8+ years of IT professional experience, with 6+ years Information Security experience, with previous as a network and cloud pen tester
Expert in identifying the network ports, peripherals, and other common weak points that can help gain access to a business system
Use of multiple tools for Discovery and Recon phase to identify most of the entry points to start the infra-assessment
Identifying Network Security Flaws in an operating system, cloud and network
Conduct configuration reviews for OS, DB, Firewall, Routers, Switches and other infrastructure components
Conduct vulnerability assessment and penetration testing and configuration review for network and cloud
Perform penetration testing and vulnerability assessment on various types of technologies and implementations using automated (commercial, open source) tools and manual techniques. This may include
Network infrastructure and wireless networks
Servers, platforms, containers, hosting infrastructure and services
Conduct assessments of the Cloud SaaS environments
Have experience evaluating cloud environment configurations, such as bucket policies, IAM policies, security groups and ACLs, for security vulnerabilities and integrating these findings into the pen test
Drive end to end assessment & governance compliance and ensure OS like Microsoft Windows Server, Linux, Unix, Voice Infra, Mac are secured
Knowledge of popular security tools Nessus, Qualys, Burpsuite etc.
Good hands-on experience of KALI Linux and Metasploit
Hands on experience in Network monitoring tools like Wireshark, Ettercap
Knowledge of PCI / DSS, Cloud Security Alliance, ISO2700x controls.
Security Certifications - GPEN, CPT, OSCP, OSCE, GIAC, published CVE, Github projects, bug bounty profiles, hackthebox profile, or similar.
Test security within Microsoft Azure, AWS and Cloud technologies implementation
Research potential improvements to servers and recommend fixes as per Industry Best Practices to the Management.
Conducting Penetration Testing and closing vulnerabilities in the servers
Manage and ensure effectiveness of security solutions, including server security
Identifying and maintaining Key metrics and SLA on Infrastructure Security.
Broad technical knowledge of infrastructure technologies i.e. Vulnerability assessment, Penetration testing, SIEM, DLP, Malware Protection, IDS, Wireless IPS, DMZ and Firewall Security.
Independently execute red team assessments to identify security exposures and to evaluate effectiveness of security controls and response.