Security researcher - windows

Posted: July 27, 2023, 11:16 a.m. - Full Time - Delhi

Job Overview

● Designs and develop tools for Red Teaming, Penetration Testing, Security Assessments and targeted attack simulations especially in Windows environment. ● Perform various types of Security testing (Windows, Web Application, Web Server, Network & Infrastructure) for clients to identify, exploit and propose solutions for security issues. Building Windows & Web based Apps and Tools to assist in Red Teaming. ● Delivering Capacity Building services at Client Site. ● Perform and report Application Audits, Vulnerability Assessments / Penetration Testing for IT infrastructure including network devices, operating systems, Databases, applications, etc. ● Monitor and analyze attack surface vector and threat actor activities. ● Developing PoCs for past vulnerabilities or research new vulnerabilities as per client requirements. ● Stay updated with recent IT Security trends and technologies. ● Research security enhancements and make recommendations to management

Technical Skillsets (Mandatory) ● Proficient with Computer Language (C/C++/C#), x86 & x 64 assembly, Python, Windows/Linux system API & ABI ● Sound knowledge of windows internals ● Proficient in file-less malware, state-of-the-art techniques used in offensive security. ● Understanding of Anti-Virus Functionality and API Hooking ● ln-Depth knowledge of malware components such as persistence, C&C, File-Less, AV-evasion, in- memory attacks. ● Reverse Engineering, static and dynamic binary analysis with IDA, GHYDRA and Debuggers ● Understanding of web protocols, standards, TCP/l P protocols. ● Knowledge of Scripting languages such as Python/HTMUJS ● Awareness regarding globally arising malware offensive techniques

● R&D of most advanced malware techniques and counter- measure techniques

● Understanding of Analysis tools such as Syslnternals, Sniffer, Anti-rootkits ● Shell scripting and PowerShell for automation and system administration. ● Understanding of MITRE ATT&CK Framework ● Practical exposure with recently released OWASP Top 10. ● Industry Certificates such OSCP, GREM, etc