Cyber Security Senior Analyst - Network Pentesting

Cyber Security Senior Analyst - Pentesting

Organization Overview

Société Générale is one of the leading European financial services groups. Based on a diversified and integrated banking model, the Group combines financial strength and proven expertise in innovation with a strategy of sustainable growth, aiming to be the trusted partner for its clients, committed to the positive transformations of society and the economy.

Set up in 2000, Société Générale Global Solution Centre (SG GSC), a 100% owned subsidiary of Société Générale has over 12,000 employees across its Bangalore and Chennai facilities in India. The subsidiary is focused on Application Development and Maintenance, Infrastructure Management, Business Process Management and Knowledge Process Management, to Société Générale’s business lines across the world with focus on an outcome-based business approach.

We are an employee focused organization; known for the extensive opportunities we provide for career progression and development.

We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status

Job Summary Responsibilities in the Role

• Moderate functional knowledge of cyber security or information security processes and expert domain knowledge

• Assist functional manager in performing day to day security activities/operations by working independently

• Handle larger projects or assignments Analyze the problem statements, define and execute the desired solutions;

• Mentor team members Work inline with defined processes, framework and provide regular functional updates to manager

• Ability to prioritize deliverables and work in consultation with manager and other seniors in the team Contribute to various functional initiatives with larger responsibilities

Profile Required and Qualifications:

• 3 to 6 years of strong work experience in penetration testing, threat modeling and/or secure application testing

• Expertise in conducting penetration testing on various infrastructure and network components including Cloud, Wireless LAN, Active directory etc.

• Thorough understanding of application architectures, understanding of security standards, frameworks and methodologies

• Thorough understanding of protocols such as HTTP, TCP/IP, SSH, RDP, SNMP etc and expertise in exploitation of vulnerabilities in such services.

• Knowledge of web application attacks and defense strategies including those found in the OWASP Top 10, Mobile Top 10 and SANS top 25. Global Solution Centre

• Knowledge using leading testing tools such as Burp suite, NMAP, Kali OS , Nessus, Metasploit etc. • Experience with various operating systems, network security technologies, web application development technologies, languages and frameworks such as .Net, Java, PHP, Angular JS, NodeJS etc.

• Knowledge of scripting languages such as Python, C/C++, Java/JavaScript.

• Experience with Configuration and Deployment Management Testing, Identity Management Testing, Cookie/Session Management, Authentication/ Authorization Testing, Input Validation Testing, Privilege escalation testing, Enumeration testing

• Good communication, presentation and interaction skills

• OSCP certification (preferred), CEH, SANS or Certified Penetration Tester, Certified Expert Penetration Tester or GIAC Certified Penetration Tester

• Bugbounty hunters, CVE finders and other bugcrowd rank holders are preferred