4 Cept Jobs

Summary: We are seeking a skilled and detail-oriented Application Security Penetration Tester to join our cybersecurity team. The primary goal of this role is to ensure secure software delivery by planning, executing, and documenting penetration tests on enterprise applications, identifying vulnerabilities, and supporting remediation efforts. Experience: 5+ years Main Responsibilities: As a Penetration Tester, you will be responsible for conducting comprehensive security assessments across various applications. Preparatory Phase: Conduct kick-off meetings with application owners to define the scope and feasibility of penetration tests. Review functional and technical aspects of applications to prepare for testing. Deliver scope documentation and meeting minutes within defined timelines. Operational Phase: Execute penetration tests on applications to identify exploitable vulnerabilities. Analyze application security posture and provide detailed findings. Prepare and present reports and findings to stakeholders. Coordinate with development and security teams for issue resolution. Post-Operational Phase: Conduct restitution meetings to recap completed tests and their outcomes. Create detailed documentation for retesting and audit purposes. Support closure of identified issues (PTRs) and track remediation progress. Maintenance Phase: Re-evaluate and close PTRs as part of ongoing security maintenance. Contribute to efficiency improvements and automation of pentest processes. Collaborate on tooling design and documentation enhancements. Key Requirements: Security Expertise - Application security testing, Penetration testing, Vulnerability assessment, Reverse engineering Knowledge Areas - OWASP Top 10, Secure coding practices, CVSS v2.0, CVSS Calculator v4.0 Tools & Technologies - Burp Suite Professional, OWASP ZAP, Nessus, Metasploit, Linux & Windows OS Programming Skills - Scripting experience (Python, JavaScript) Certifications - OSCP, PNPT, CPT, CEPT, CCPT, eJPT / PJPT Soft Skills - Fluent English (spoken & written), Team collaboration Nice to Have: PCI-DSS auditing experience Security audits and compliance frameworks NodeJS, VueJS CEH, GWAPT certifications Fast learner, Autonomy Multicultural team experience Other Details: This position requires the delivery of pentest reports, documentation for retesting, remediation proposals, and coordination with development teams. It also involves tooling design and automation in pentest workflows. Show more Show less

As a suitable candidate for this position, you should hold a Bachelor's degree in Civil Engineering or Architecture. It is desirable to have a Post Graduate degree from institutions like Nicmar, CEPT, or SPA. The annual compensation for this role is in the range of 8 to 10 Lakhs per annum. To excel in this role, you should possess a minimum of 5 to 6 years of work experience in Corporate Fit outs. Your experience in this field will be crucial in contributing effectively to the projects undertaken by the organization. Your academic qualifications, combined with your work experience, will be essential in successfully fulfilling the responsibilities associated with this position.,

We are looking for someone who has good hands on experience in VAPT. This role is with one of the government department of Maharashtra. Education: B.E/B. Tech / M.Sc. (Comp. Sci) / MCA / MBA/ M. Tech degree or equivalent. Should be a certified auditor. 6 or more years of overall experience with at least 6 years of relevant experience in Vulnerability Analysis, Penetration Testing and/or forensics. Must have experience in managing at least 3 projects for large, enterprise scale Clients. should have at least two industry certifications as mentioned below: 1. Licensed Penetration Tester (LPT) 2. Certified Penetration Testing Professional (CPENT) 3. Certified Expert Penetration Tester (CEPT) 4. GIAC Penetration Tester (GPEN) 5. CompTIA PenTest+ 6. Certified Ethical Hacker (CEH) 7. Certified Mobile and Web App Penetration Tester (CMWAPT) 8. Computer Hacking Forensic Investigator (CHFI) 9. Certified Information System Auditor (CISA) 10. Certified Information Security Manager (CISM) 11. Other acceptable industry related certification in VAPT. 12. OSCP

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You ll find an environment that inspires and empowers you to thrive both personally and professionally. There s no one like you and that s why there s nowhere like RSM. Bachelor or Master degree in computer science with a minimum of 8 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Two or more years of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Experience with discovering, utilizing, and possibly writing exploits for such vulnerabilities as buffer and stack overflows Familiar with the logistics of security testing such as acquiring authorization for testing, reporting, risk analysis of findings, data handling, and legal considerations Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals (CISSP ); Certified Information Systems Auditor (CISA ); Certified Information Security Manager (CISM ) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices Position & Key Responsibilities Develop an understanding of the RSM US Risk Consulting service offerings, methodologies, and tools Perform analysis and testing to verify the strengths and weaknesses of client IT environments utilizing commercial and open source security testing tools Perform Internet penetration testing (blackbox/ greybox / whitebox testing) and network architecture reviews (manual/ automated) Perform other security testing tasks such as wireless penetration testing, social engineering campaigns (email, web, phone, physical, etc.), mobile application testing, embedded device testing, and similar activities meant to identify critical weaknesses within client environments Assist with the development of remediation recommendations for identified findings Identify and clearly articulate (written and verbal) findings to senior management and clients Help identify improvement opportunities for assigned clients Supervise and provide engagement management for other staff working on assigned engagements Works closely with the client and RSM team to make sure we meet or exceed client expectations on each engagement and maintain high customer satisfaction. Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with the quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, and senior management in the U.S. on a daily basis Key Skills to Accelerate Career Maintains a high degree of quality and client relationship on multiple clients at the same time Positively engages, motivates and influences team members Identifies client needs/requirements and initiates discussion to expand services through a solid understanding of the firm s service capabilities and offerings Subscribes to and actively read industry publications and share relevant information with clients as considered applicable