Red team and penetration testers - manager role

Posted: Sept. 2, 2021, 10:44 a.m. - Full Time - Chennai

Experience:

► Should have a minimum of 7 years of information security experience (client-serving candidates preferred)
► Should possess at least one of the following certifications: CISSP, CISA, CISM, OSCP/OSCE or any other industry-accredited security certification
► Good interpersonal, problem-solving, reasoning and analytical skills

Duties and Responsibilities:

► Oversee the quality of engagements, including technical execution and the quality of deliverables
► Effectively lead and motivate teams with diverse skills and backgrounds. Responsible for the development of the team by providing constructive on-the-job feedback/coaching to team members
► Collaborate with practice, industry and other firm leaders to develop market-facing initiatives that drive the firm’s strategy
► Demonstrate the ability to quickly assimilate new knowledge.

Skills:

► Infrastructure Security Assessments – Security architecture design, penetration testing of advanced environments including virtualized/cloud environments, cloud security assessments (AWS/Azure).
► Experience with Red Team assessments and adversary simulation exercises using MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
► Application Security Assessment – In-depth knowledge and exploitation of application attacks and defense strategies (SQL injection, cross-site scripting (XSS), CSRF, logic flaws, etc.), thick client, mobile and ERP applications.
► Experience with Threat Modeling, DevSecOps, Security-Focused Code Review of Applications (at least one of the following languages: C, C++, Java, .NET, etc.)
► Should have a good understanding of application-level attacks with hands-on experience in discovering and exploiting issues with/without the assistance of tools.
► Experience conducting security effectiveness assessments of databases, operating systems and network devices (firewalls, routers, IDS/IPS, etc.)
► In-depth knowledge of architecture engineering and of conducting security-focused architecture reviews of networks
► Security Assessment of Wireless infrastructure