Work in a hands-on role involving penetration testing and vulnerability assessment of complex applications, operating systems, wired and wireless networks, and mobile applications / devices using industry-standard VAPT / mobile testing tools.
Shall also develop / review procedures and policies related to Information Security, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting, and enhance them with best practices.
Should be able to perform effectiveness tests for various security solutions such as Anti-virus, SIEM, WAF, Firewalls, IPS, Switches and Routers with suitable use cases.
Develop and maintain security testing plans (VAPT) and track the progress and present to the management. Create project deliverables / reports and assist the CISO during submissions and Management presentations / discussions
Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk.
Produce actionable, threat-based reports on security testing results.
Regularly follow up with IT and other stakeholders on compliance and escalate.
Act as a source of direction and guidance for the vendor representatives assigned with VAPT and other assessment exercises in addition to the in house assignments.
Shall manage the complete project and act as a bridge between the CISO and vendor representatives.
Mentor and coach other IT security staff to provide guidance and expertise related to application and infrastructure security best practices from time to time.
Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
Communicate security issues to a wide variety of internal and external stakeholders (as needed) including technical teams, executives, risk groups, vendors and regulators
Critical thinker and problem solver
Excellent organizational and time management skills
Technical Skills Required
Hands-on knowledge of tools: Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp, Paros Proxy, Nessus, Nexpose, Wireshark, sqlmap, etc.
Should have experience handling application assessment tools such as HP Fortify, IBM AppScan, Burp Suite
In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
Hands-on experience with testing frameworks such as PTES and OWASP
Applicable knowledge of Windows client / server, Unix / Linux systems, Mac OS X, VMware / Xen, and cloud technologies such as AWS, Azure, or Google Cloud
Manual penetration testing skills and techniques are required in addition to automated tools and frameworks.
Familiar with working with publicly available exploit code.
4-7 years of Information Security Assessments including Vulnerability Assessments, Penetration testing of large-scale infrastructure
Experience of understanding Information System Vulnerabilities and exploit techniques
Thorough knowledge of OWASP top ten attacks for web and mobile and remediation.
Knowledge of Open Source Security Testing Methodology Manual (OSSTMM)
University graduate with a degree in Computer Science, Computer Engineering or any other related discipline.
Professional certification / qualification
Candidates with any of the following certifications are preferred:
CISSP, CISM, LPT, OSCP, GPEN, GMOB, Kali Linux certified professional, etc.