Job
Description
Responsibilities Work on projects with clearly defined guidelines as team member with responsibility for project delivery To understand end-to end application architecture and business logics. Conduct manual penetration testing of web applications, mobile applications, APIs, networks, and other systems to identify security vulnerabilities. Utilize penetration testing tools and frameworks to simulate real-world attack scenarios and identify vulnerabilities. Performs cyber security assessments which includes vulnerability assessment & penetration testing, network security architecture review, secure configuration / code review, manually etc. Understands basic business and information technology management processes. Demonstrates knowledge of firm's methodologies, frameworks, and tools. Participate in practice development. The Key Skills Understanding of basic business and information technology management processes Good knowledge of protocols, security measures and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Must have in-depth business logic vulnerabilities, XSS, SQLi, Broken Access Control, SSRF, and other OWASP TOP 10 best practices and cyber security guidelines. Experience in Infrastructure Penetration Testing and Application Security Testing Experience in secure code review and expertise in tools like Checkmarx and SonarQube are required. Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Must have Hand-on-Experience of tools like Burp-Suite, Nmap, Metasploit as well as open-source tools. Should possess knowledge of vulnerability exploitation and exploit development. Experience in basic scripting such as: Shell, Python, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, etc. Additional Skills Strong analytical and communication skills (written, verbal and presentation) Open to learn new tools and technologies as per the project requirement. Any other professional certificated will be an added advantage. Requirement: CEH (Required) and OSCP (Preferred)
