Senior penetration test engineer

Posted: Oct. 1, 2021, 7:43 a.m. - Full Time - Bangalore

Overview:

  • Leading AI-driven Global Supply Chain Solutions Software Product Company and one of Glassdoor’s “Best Places to Work”
  • Seeking an astute individual who has a strong technical foundation, the ability to be hands-on with the broader engineering team as part of the development/deployment cycle, and deep knowledge of industry best practices, with the ability to implement them while working with both the platform and product teams.

Scope:

  • Penetration Tester who would be responsible for conducting penetration test activities against our web applications, thick clients, network, Cloud, mobile applications, APIs, etc.

Our current technical environment:

  • Software: Nessus, Nexpose, Burp, Kali Linux, NMAP, Metasploit

What you’ll do:

  • Perform penetration testing on network, application, and cloud environments (Azure, GCP).
  • Document findings for management and technical staff and provide remediation guidance.
  • Define and participate in implementation of On-prem and Cloud architecture and security controls.
  • Proactive identification of threats and risk remediation.
  • Participate in and assist the incident response team, as appropriate.
  • Generate metrics for management as needed.
  • Prepare system security reports by collecting, analyzing, and summarizing data and trends.

What we are looking for:

  • 4-7 years of proven experience in Information security/Penetration testing.
  • Strong expertise in Vulnerability and Threat Management, gathering and condensing threat intelligence into actionable and meaningful communication materials.
  • Experience in network penetration testing and manual web application penetration testing.
  • Education and experience in public cloud infrastructure such as Microsoft Azure, Google Cloud Platform.
  • Experience with penetration testing tools such as Nessus, Nexpose, Burp, Kali Linux, NMAP, Metasploit, etc.
  • Ability to understand and calculate risk for vulnerabilities using risk rating methodologies like CVSS.
  • Ability to validate the false positives reported by tools.
  • Ability to explain the root cause of a vulnerability.
  • Ability to provide remediation guidance for the vulnerabilities.
  • Skilled in preparing reports with an executive summary and technical details.
  • Certifications such as OSCP, CEH, CISSP or equivalent.