Quality engineers - securityPosted: May 5, 2022, 7:35 a.m. - Full Time - Bengaluru
Crestron’s India team is looking for talented and self-motivated outstanding Pentesters and security researchers who would be responsible for pentesting and researching on Crestron’s products and cloud based services. The ideal candidate is an individual who is passionate about finding security bugs in proprietary software and hardware. The candidate must be able to work independently and also handle communications with other project teams for project updates. The candidate must have good written and verbal communication skills and must be able to articulate their viewpoints clearly.
In this role at Crestron India, Bangalore, you will be responsible for * Audit Crestron Products, and customer facing cloud infrastructures to identify vulnerabilities, risks, and application of standard practices for hardening * Understand Features, participate in Security Requirement reviews and derive Threat Models * Write Security Test Plans based on the Threat Models * Develop automation scripts to automate mundane security testing * Conduct manual penetration testing of devices, Web APIs and endpoints based on defined test plan * Identify, record, document product vulnerabilities and escalate their severity based on impact to product security * Perform limited security code review of cloud-based solutions and products released at Crestron * Research on platform specific vulnerabilities (Android, Linux Libraries) and keep abreast of CVEs and report the same to internal stakeholders * Create security documents, design standard operating procedures, report findings and track them to closure by working with related stakeholders * Present security reports to senior management post completion of security audits * Suggest/Recommend improvement in existing deployment guides * Adjust to rapidly changing requirements and timelines * Track record of completing assignments on time with a high degree of quality
Technical Skills & Qualification
- Minimum Bachelor’s degree in Engineering. (Preferably in Electronics & Communications)
- Minimum 5 years of experience spanning across technical, network and security architecture.
- Experience or knowledge in cloud security architecture, secure configurations, shared responsibility models on Azure. Added advantage if candidate has experience in Azure Security Center
- Good understanding of network protocols - TCP/IP, ICMP, HTTP
- Good Knowledge On IoT Data Protocols (Network/web/wireless) : Bluetooth LE , MQTT , Zigbee
- Good Knowledge on IoT Architectures
- Good understanding of cryptographic protocols - SSL/TLS and cipher implementation
- Good understanding of * Nix Platforms
- Good understanding of shell scripts, C/C++ and .NET based programs
- Proficiency in conducting manual/expert security code reviews in .NET, C/C++, Python
- Proficiency in Network Penetration Testing and Application Security Testing
- Solid Experience in Web Application Penetration Testing including SOAP/REST APIs
- Knowledge of DevOps ecosystem: CI, CD tools, orchestration tools
- Knowledge of all components of a SaaS Multi-tenant product architecture.
- Knowledge of industry standards and compliance frameworks: CIS, NIST, FEDRAMP
- Experience in at least 1 of the Static Code Scanning Tools like Fortify ,Coverity, Checkmarx.
- Experience with Dynamic Scanning Tools like IBM APPSCAN, Burp Suite, Acunetix
- Knowledge of Angular JS, MVC/MVVM Framework
- Knowledge of Programming Languages- Python/PowerShell, .NET/Java, C,C++
- Ability to assess testing tools and deploy the right ones
- Ability to explain findings to non-technical professionals
- Excellent report writing and presentation skills
- Able to work independently but also as part of a team
- Flexibility to change direction and manage conflicting demands
- Must have strong written and verbal communication skills as you will be working with cross functional teams.
- Must possess strong problem-solving skills.
- Operate autonomously with minimum direction
- Must be a self-starter with the ability to master new technology concepts quickly..
if you have proven skills with less experience also eligible to apply along with your track record