Penetration Tester

Key Responsibilities

• Performing (Web, mobile, Cloud-based AWS, Azure, etc.), thick-clients business solutions and infrastructure pentest as assigned by the customer
• Work on full assessment & revalidation cases within customer defined timelines.
• Handling report creation based on pentest outcome as per customer template
• Develop new test cases, scenario & able to perform API pentesting.
• Develops, tests and validates solutions to remediate exploitable conditions on devices such as web servers, mail servers, routers, firewalls and intrusion detection systems |
• Provide results report and help team to evaluates, codes and implements software fixes (patches) to address system vulnerabilities such as malicious code (e.g., viruses), system exploitation using SQL injection, cross-site scripting, buffer overflows, parameter tampering, hidden field manipulation, cookie poisoning and web services manipulation |
• Conducts security assessments of systems and applications using penetration tests, ethical hacking tools and risk assessment/mediation methodologies to evaluate vulnerabilities.
• Perform source code review & configurations reviews against CIS benchmarks and security standard.
• Participating in end user calls with customer for requirement gathering, explanation of findings, technical discussions.

About you

Education, qualifications, and certifications

• Degree / Diploma Holders with good knowledge in pentest domain.
• Excellent verbal & written communication skills in English language

Mandatory skill set

• Proficiency in Pentest tool such as using Burp suite and Kali Linux. 
• Proficiency in Python and Java, Javascript, and other coding languages. 
• Good experience in performing security penetration testing and vulnerability assessment.
• Experience in testing diverse infra components including various enterprise platforms such as private clouds, Openshift infra, dockers/container infra etc.
• Experience in Source code reviews, red team exercises, security architecture configuration reviews, and technical security compliance reviews
• Knowledge on Web-based applications and services (SOAP/REST)
• Well versed in writing reports, test cases etc.
• OSWP/ OSCE certification (preferred), SANS or Certified Penetration Tester, Certified Expert Penetration Tester or  GIAC Certified Penetration Tester.

Secondary skill set

• Knowledge on Azure & scripting language.
• Nice to have knowledge on other hacker tools;Appscan, Fortify, Wireshark, nmap, netcat, ZAP, FireBug, Nessus, John the Ripper.

Experience

Minimum of 3+ years related work experience in customer facing organizations within Pentest domain.