Senior penetration test engineer
Posted: Oct. 1, 2021, 7:43 a.m. - Full Time - Bangalore
- Leading AI-driven Global Supply Chain Solutions Software Product Company and one of Glassdoor’s “Best Places to Work”
- Seeking an astute individual who has a strong technical foundation, the ability to be hands-on with the broader engineering team as part of the development/deployment cycle, and deep knowledge of industry best practices, with the ability to implement them working with both the platform and the product teams.
- Penetration Tester who would be responsible for conducting penetration test activities against our web applications, thick clients, network, Cloud, mobile applications, APIs, etc.
Our current technical environment:
- Software: Nessus, Nexpose, Burp, Kali Linux, NMAP, Metasploit
What you’ll do:
- Perform penetration testing on network, application, and cloud environments (Azure, GCP).
- Document findings for management and technical staff and provide remediation guidance.
- Define and participate in implementation of On-prem and Cloud architecture and security controls.
- Proactive identification of threats and risk remediation.
- Participate in and assist the incident response team, as appropriate.
- Generate metrics for management as needed.
- Prepare system security reports by collecting, analyzing, and summarizing data and trends.
What we are looking for:
- 4-7 years of proven experience in Information security/Penetration testing.
- Strong expertise in Vulnerability and Threat Management, gathering and condensing threat intelligence into actionable and meaningful communication materials.
- Experience in Network penetration testing, Manual Web Application penetration testing.
- Education and experience in public cloud infrastructure such as Microsoft Azure, Google Cloud Platform.
- Experience with penetration testing tools such as Nessus, Nexpose, Burp, Kali Linux, NMAP, Metasploit, etc.
- Ability to understand and calculate risk for vulnerabilities using risk rating methodologies like CVSS.
- Ability to validate the false positives reported by tools.
- Ability to explain the root cause of a vulnerability.
- Ability to provide remediation guidance for the vulnerabilities.
- Skilled at preparing reports with an executive summary and technical details.
- Certifications such as OSCP, CEH, CISSP or equivalent.