Vapt lead

Posted: Feb. 11, 2022, 2:49 p.m. - Full Time - Remote

About HackIT

HackIT Technology and Advisory Services is an IT / Cyber Security company, operating since 2009. HackIT is an Indian Computer Emergency Response Team, CERT-IN (www.cert-in.org.in) empaneled provider for IT Security Audit Services. HackIT provides a broad range of security consulting and advisory services to a diverse group of clients, including government organizations, corporations, Military establishments, financial institutions and start-up, to name few. Our work spans multiple sectors and industries, including Telecommunications, Defense and Military, ITeS, Financial Services, Aviation, Hospitality, Healthcare and Research. We work end-to-end—from diagnosis to delivery of lasting impact — together generating tangible results that are improving the security posture of organizations worldwide.

We are looking for passionate Information Security Professionals to help us keep growing. If you're excited to be part of a winning team, HackIT Technology & Advisory Services is a perfect place to get ahead.

Job Title

  • Vulnerability Assessment and Penetration Testing Lead / Team Lead (Web / Mobile Application)

Location

  • Remote / Hybrid

Job Overview

  • We are seeking a Vulnerability Assessment and Penetration Testing (VAPT) Lead to join our dynamic Security Testing dream team and take lead in performing security testing of applications, networks and infrastructures, including vulnerability assessments, penetration testing and manual testing techniques.
  • Hands-on role that also requires oversight and mentoring of a team of junior security penetration-testers

Job Responsibilities

  • Manual and automated security testing of Web applications, APIs, and Mobile Applications.
  • Static and Dynamic testing (SAST & DAST) of Thick clients / applications
  • Develop Proof-of-Concept (PoC) for the identified vulnerabilities.
  • Provide remediation guidance to identified vulnerabilities.
  • Develop and execute security testing project plans.
  • Incorporate metrics providing comprehensive insight about the security posture of an organization that will help senior management with decision making.
  • Build and maintain strong relationships with key stakeholders.

Technical Skillsets (Mandatory)

  • Hands on experience in Penetration Testing
  • Strong analytical and problem-solving skills and the ability to explain complex technical concepts in a clear and concise manner and to provide remediation recommendations.
  • Knowledge of / or experience with both Enterprise and open-source offensive security tools for reconnaissance, scanning, exploitation
  • Sound understanding of security frameworks (OWASP Top 10, NIST, MITRE ATT&CK)

Technical Skillsets (Preferred)

  • Proficiency in programming language(s) (e.g. Python, Ruby, Perl, PowerShell)
  • Exposure to DevSecOps, Security Architecture review and Network Security assessment would be a bonus.
  • Hands-on experience in Red Team Exercises, Threat Hunting, OSINT and Threat Modelling

Non-Technical Skillsets

  • Estimate Project efforts and meet delivery milestones and deadlines
  • Excellent and effective report writing and verbal communication skills
  • Deliver results within stipulated time-lines
  • Team Player with good interpersonal skills
  • Should be able to work independently with minimum and least supervision in complex, dynamic and challenging environment.
  • Self-driven and self-managed technical team leader.
  • Communicate project requirements and influence stakeholders with minimal supervision.

Education and Certifications

  • Industry recognized certifications (Eg: OSCP, CREST, eWPT, GXPN, GPEN, Cloud Certifications and other well acknowledged security certifications) preferred

Experience

  • 3 to 5 years in Application/Infrastructure/Network Penetration testing.

Info Sec Community Activities and Opportunities

  • Promote security researches that are aligned with the current industry requirements and incepted at HackIT.
  • Provide assistance and support for presenting research papers at security conferences across the globe
  • HackIT provides opportunity to contribute back to the information security community