Manager - penetration testing

Posted: July 10, 2020, 6:18 a.m. - Full Time - Pune

Job Description :

  • We are looking for a Manager with 10+ years of experience with immediate joining and who are passionate about security threats and vulnerabilities, understand how to break the system from both the Application and network perspective. Who can focus on identifying and assessing vulnerabilities in software systems, Networks, and mobile-based applications

  • The major focus will be on Application Penetration testing followed by Network Penetration Testing and Mobile Security assessments.

  • The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation & presentation to stakeholders along with operation and construction of tools to assist in these tasks.

  • Well versed with OWASP - Top Ten and WASC Threat Classifications

  • Expertise in Vulnerability Assessment and Penetration Testing of Web Applications

  • Business- Logic-based application testing

  • Penetration testing of Mobile applications and websites.

  • Exploitation of the issues found and presenting the impact occurred

  • Source Code Reviews - Well versed in Java Secure Code Review

  • Well versed in OWASP Code Review concepts & identifiers

  • Familiar with popular tools: Application Proxy: Burp suite, Paros, OWASP ZAP, WireShark - Vulnerability Scanners: IBM AppScan, HP WebInspect, Nessus, NTO Spider - Exploit Toolkits: Metasploit, Exploit DB, etc

  • Understanding of the nature and sources of security vulnerabilities, how to identify and exploit them

  • Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies, and development frameworks.

Mandatory Skills :

  • Application Security Testing/Penetration Testing (Web-based, Thick client, web services, Mobile)

  • Network Security Testing/Penetration Testing (Network, OS, Databases, etc)

  • Static Code Analysis/ Secure Code Review.

Responsibility as a Manager :

  • Manage and coordinate with the pen-testing team, security products team. Handle operations of Security Services, Security Training.

  • Handle business issues/customer requirements and provide timely solutions. Mentor team(s), handle client meetings, get engaged in business meetings. Manage all phases of the project, coordinate with testing teams and client teams, providing the best quality deliverables to the client. Guide, assist, and play an active role in brand building, customer relations.

  • Required Skills In-depth knowledge of Information Security Domains and InfoSec Services. Very good understanding of Security Services & Security Training.

  • Good understanding of business issues/customer requirements and Management. Project Management.

  • Excellent communication skills. Excellent Analytical skills. Highly detail-oriented and - strong interpersonal skills.

  • Problem-solving skills in a multi-product/service environment. Ready to adapt to the challenging and high demanding work environment of a start-up. Must have certification in Information Security.

  • Good report writing and presentation skills

  • Manages day-to-day interactions with clients and internal team

  • Displays leadership and business judgment in anticipating client/project needs and developing alternative solutions

  • Provide counseling/coaching, oversight, and support for delivery teams and staff