► Should have a minimum of 2 years of information security experience (client-serving candidates preferred) in conducting application/network security assessments. We are looking for candidates across all experience levels; candidates with relevant experience and skill sets will be treated accordingly.
► Should possess at least one of the following certifications: OSCP, SANS GPEN, CISSP, or any other industry-accredited security certification
► Good interpersonal, problem-solving, reasoning and analytical skills
► Should have the ability to communicate technical concepts effectively, both in writing and orally, as well as the interpersonal skills required to collaborate effectively
Duties and Responsibilities:
► Technical execution and the quality of the deliverables for the engagements
► Promote the development of the team by providing constructive on-the-job feedback/coaching to team members
► Demonstrate the ability to quickly assimilate new knowledge.
► Experience in conducting vulnerability assessments and in using vulnerability scanning solutions and penetration testing tools.
► Web Application Security Assessment – In-depth knowledge of web application attacks and defense strategies (SQL injection, cross-site scripting (XSS), CSRF, logic flaws, etc.), as well as thick client applications, mobile applications (VAS), and ERP applications (SAP, etc.)
► Experience in internal and external penetration testing of network infrastructure (including servers, firewalls, routers, switches, etc.), including conducting wireless security assessments
► Should have a good understanding of application-level attacks, with hands-on experience in discovering and exploiting issues with/without the assistance of tools.
► Experience in conducting Red Team assessments, APT attack simulations, bug bounty, etc. is an added advantage.
► Experience with virtualization technologies, SAP security, and IoT is an added advantage.
► Security-focused code review of applications (at least one of the following languages: C, C++, Java, .NET)
► Thorough understanding of OWASP Top 10 and SANS Top 25 vulnerabilities and their mitigation techniques. Understanding of application security guidelines/requirements from OWASP, PCI/DSS, etc.
► Proficiency in understanding and writing/modifying exploits.
► Scripting skills using Python, PowerShell or Bash
► Experience with network penetration testing tools such as Nessus, Nmap, Core Impact, Metasploit, and similar
► Experience analyzing router, switch, and firewall rule bases with a focus on security.
► Experience in Security Architecture Review
► Experience with cloud platforms such as AWS, Azure, etc.
► Experience with product threat modelling and risk assessment