Vulnerability assessment and penetration testing lead

Posted: Oct. 18, 2021, 5:40 p.m. - Full Time - Hybrid remote

About HackIT

  • HackIT Technology and Advisory Services is an IT / Cyber Security company, operating since 2009. HackIT is an Indian Computer Emergency Response Team, CERT-IN (www.cert-in.org.in) empaneled provider for IT Security Audit Services. HackIT provides a broad range of security consulting and advisory services to a diverse group of clients, including government organizations, corporations, Military establishments, financial institutions and start-up, to name few. Our work spans multiple sectors and industries, including Telecommunications, Defense and Military, ITeS, Financial Services, Aviation, Hospitality, Healthcare and Research. We work end-to-end—from diagnosis to delivery of lasting impact — together generating tangible results that are improving the security posture of organizations worldwide.

  • We are looking for passionate Information Security Professionals to help us keep growing. If you’re excited to be part of a winning team, HackIT Technology & Advisory Services is a perfect place to get ahead.

Job Title

  • Vulnerability Assessment and Penetration Testing Lead / Team Lead

Location

  • Remote / Hybrid

Job Overview

  • We are seeking a Security Penetration Testing Lead to join our dynamic Security Testing dream team and take lead in performing security testing of applications, networks and infrastructures, including vulnerability assessments, penetration testing and manual testing techniques.

  • Hands-on role that also requires oversight and mentoring of a team of junior security penetration-testers

Job Responsibilities

  • Plan and Execute Vulnerability Assessments and Penetration Tests in highly heterogenous network
    • Create detailed execution plan against client specific timeline(S)
    • Conduct pen tests on Cloud deployments, including exploit creation to demonstrate a proof of concept.
  • Active Directory Exploitation
  • Develop environment/platform specific scripts and tools
  • Customize reports to suit various audience(s) (Technical/C-Suite)
  • Review and assess progress of remediation
  • Experience in Exploitation and vulnerabilities associated with most common operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), Applications (Web, Mobile, Cloud) and network security services (PKI, HTTPS, etc.
  • Assist with scoping prospective engagements, leading engagements from kickoff through remediation.

Technical Skillsets (Mandatory) * Hands on experience in Penetration Testing * Capable of writing exploits for identified vulnerabilities * Proficiency in a programming language(s) (e.g. Python, Ruby, Perl, PowerShell) * Strong analytical and problem-solving skills and the ability to explain complex technical concepts in a clear and concise manner and to provide remediation recommendations. * Knowledge of / or experience with both Enterprise and open-source offensive security tools for reconnaissance, scanning, exploitation * Sound understanding of security frameworks (MITRE ATT&CK, OWASP Top 10, NIST)

Technical Skillsets (Preferred) * Exposure to application Security assessment would be a bonus.

Non-Technical Skillsets * Excellent and effective report writing and verbal communication skills * Deliver results within stipulated time-lines * Team Player

Education and Certifications * Industry recognized certifications (Eg: OSCP, CREST, GXPN, GPEN, Cloud Certifications and other well acknowledged security certifications) preferred

Experience * 2 to 4 years in Enterprise Vulnerability management program and or Infrastructure/Network Penetration testing.