Consultant-Information Security- VAPT

Ernst & Young LLP - Bangalore, India
Full Time
Banking, Financial Services and Insurance
Cyber Security

Job Description


►     Should have a minimum of 2 years of information security experience (client-serving candidates preferred) in conducting application/network security assessments. We are looking for candidates across all experience levels; candidates with relevant experience and skill set will be treated accordingly.

►     Should possess at least one of the following certifications: OSCP, SANS GPEN, CISSP, or any other industry-accredited security certification

►     Good interpersonal, problem solving, reasoning and analytical skills

►     Should have the ability to communicate technical concepts effectively, both in writing and orally, as well as the interpersonal skills required to collaborate effectively

Duties and Responsibilities:

►     Technical execution and the quality of the deliverables for the engagements

►     Promote the development of the team by providing constructive on-the-job feedback/coaching to team members

►     Demonstrate the ability to quickly assimilate new knowledge.



►     Experience in conducting vulnerability assessments and in using vulnerability scanning solutions and penetration testing tools.

►     Web Application Security Assessment – In-depth knowledge of web application attacks and defense strategies (SQL injection, cross-site scripting (XSS), CSRF, logic flaws, etc.) and of thick client applications, mobile applications (VAS), and ERP applications (SAP, etc.)

►     Experience in internal and external penetration testing of network infrastructure (including servers, firewalls, routers, switches, etc.), including conducting wireless security assessments

►     Should have a good understanding of application-level attacks, with hands-on experience in discovering and exploiting issues with or without the assistance of tools.

►     Experience in conducting Red Team assessments, APT attack simulations, Bug Bounty, etc. is an added advantage.

►     Experience with virtualization technologies, SAP security, and IoT is an added advantage.

►     Security-focused code review of applications (in at least one of the following languages: C, C++, Java, .NET)

►     Thorough understanding of OWASP Top 10 and SANS Top 25 vulnerabilities and their mitigation techniques. Understanding of application security guidelines/requirements from OWASP, PCI/DSS, etc.

►     Proficiency in understanding and writing/modifying exploits.

►     Scripting skills using Python, PowerShell or bash

►     Experience with network penetration testing tools such as Nessus, Nmap, Core Impact, Metasploit, and similar

►     Experience analyzing router, switch, and firewall rule bases with a focus on security.

►     Experience in Security Architecture Review

►     Experience with cloud platforms such as AWS, Azure, etc.

►     Experience with product threat modelling and risk assessment