Vapt assurance lead

Posted: Aug. 5, 2022, 10:03 a.m. - Full Time - Uae

Key Words: VAPT, Vulnerability Assessment, Penetration Testing, Red Teaming, CRT, OSCP Role: Lead/Senior Consultant Industry: Cyber Security Consulting, Information Technology Function: Vulnerability Assessment, Penetration Testing Location: Dubai / India Key Responsibilities Managing VAPT Team: • Your key responsibilities would be to lead a team in the conduct of in-depth vulnerability assessment, penetration testing and red teaming of Enterprise IT systems and to provide cybersecurity assurance against sophisticated attackers through attack simulation, • You will be working closely with respective stakeholders to facilitate the tests, provide technical consultancy, report vulnerabilities, and recommend remediation/mitigation actions • Define Red Teaming & Blue Team structures and manage complex Red Teaming & Blue teaming exercises • Manage resource allocation across projects • Manage resource schedule and workload to get optimal utilization and output from VAPT / Assurance team • Recommend best practices to be followed to plan and improve capabilities of VAPT team • Conduct regular assessment and performance appraisal of team • Develop career path for all team members based on their competencies and aspirations Developing Best Practices for VAPT /Assurance Practice: • You will develop methodologies , test cases & reporting templates for complex VAPT projects • You will help in continually improving the practice based on industry best practices and trends Support in Pre – Sales Activities • Support in Pre-Sales Activities with effort estimation , approach , methodology documents , testing scenarios and test cases • Support in responding to RFPs for VAPT / Assurance related services • Support in developing client presentations related to VAPT / Assurance Services • Attend pre sales meetings for technical clarification from prospective customers

Hands on Activities • Conduct cyber-attack simulations as part of the RED team activity • Conduct Vulnerability Assessment and Penetration Testing and configuration review for network, web application , mobile application and thick -client application • Conduct configuration reviews for OS , DB, Firewall, routers, Switches and other security devices/components • Perform manual testing of web applications • Conduct source-code review using automated and manual approaches • Prepare detailed reports • Ensure timely delivery of status updates and final reports to clients • Handle Clients queries • Keep oneself updated on the latest IT Security news ,exploits, hacks • Prepare Threat Intelligence reports for newly discovered threat agents, exploits, attacks

Essential Skills • Thorough and practical knowledge of OWASP • Hands on experience with popular security tools – Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux • Working knowledge of manual testing of web applications • Good knowledge of modifying and compiling exploit code • Hands on experience of working on Windows and Linux • Working knowledge of CIS Security benchmarks • Good understanding and knowledge of codes languages • Has practical experience in auditing various OS , DB , Network and Security technologies • Microsoft office – Word, Excel, PowerPoint

Pre-Requisites • At least 8 years in field of IT Security Services with major focus on VAPT services • Experience in security testing for specialized areas like IoT (Hardware & Firmware), API Testing, Mobile Testing will be highly preferred • OSCP or Equivalent Certified • Experience on network vulnerability scanning penetration testing • Experience with Nessus NetCat, NMAP Backtrack, Metasploit, , HPing, and similar tools set like RetinaCS, Qualys, McAfee (Foundstone) • Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) • In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database • Analytical thinker willing to “think outside the box” to resolve customer impacting situations on first contact; understand customer risk profile. • Self-starter and ability to deliver under defined time lines

Other Requirements • Certifications like CEH, CPT , CISM , CISSP preferred • MSSP (Managed Security Services Provider) experience supporting multiple customers or infrastructure • Network Security (multi-vendor) experience • Broad background of networks, operating systems (Window, Unix, Linux), firewalls and security engineering concepts; • Knowledge of IDS deployment strategies and experience in SIEM tools (RSA enVision, Splunk, ArcSight, LogRhythm )with be advantageous • Knowledge of scripting languages (C++, C#, Perl, CGI, HTML, Java, TCL , Shell) will be added advantage