Jobs

Interviews
Job Alerts
Tools

Upskill and Grow with AI

Mock Interview Practice interviews in realistic simulations

Coding Practice Improve your coding skills with challenges

Certification Earn certifications to validate your skills

AI Learning Get trained with AI expert sessions

Career Path AI insights for smarter career decisions

AI Job Match Score AI-Powered Job Match Against Your Resume and Optimize Your Resume

Career Tools and Resources

Resume Builder Build Professional Resume with Ease

ATS Friendliness Check Check Resume Friendliness for Applicant Tracking Systems

Auto Apply Apply to hundreds of jobs on any platform effortlessly

Co-Pilot (Chrome Extension) Your AI Assistant for Seamless Browsing Efficiency

Interview Questions Streamline interviews with ready-to-use questions

Salaries Discover market-driven salary insights across skillsets and geographies

Companies Explore leading companies actively hiring talent
For Employers

Jobs

Interviews

Home
>
Jobs in bengaluru
>
IBM
>
Lead Penetration Tester

Lead Penetration Tester

IBM

5 - 10 years

9 - 13 Lacs

bengaluru

Posted:None| Platform:

Apply

Skills Required

owasp manual testing web application testing cyber security appscan udp session management nessus postman html nmap dhcp tcp rest burp suite software testing http protocol ip dns javascript web services testing metasploit firewall ids http soap

Work Mode

Work from Office

Job Type

Full Time

Job Description

Product-Security Technology Centre is responsible for ensuring that IBM products are secure by conducting timely Security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design. Key responsibilities

Plan the penetration test

Select, design and create appropriate tools for testing

Perform the penetration test on computer systems, networks, web-based and mobile applications

Document your methodologies, findings

Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs.

Review your findings and feedback to development teams

Analyse the outcomes and make recommendations for security improvements

Carry out application, network, systems and infrastructure penetration tests

Review physical security and perform social engineering tests where appropriate

Evaluate and select from a range of penetration testing tools

Keep up to date with latest testing and ethical hacking methods

Deploy the testing methodology and collect data

Report on findings to a range of stakeholders

Make suggestions for security improvements

Enhance existing methodology material

Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise

Experience – More than 5years in Cybersecurity

Web Application Testing

Basic understanding of HTTP Protocol

HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc.

Basic understanding of HTML/JavaScript

Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities

Automated Testing

Must have knowledge of at least one of IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools.)

Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan.

Assessment of scanner results and intelligently identifying false positives from the scan results.

Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender.

Manual Testing.

Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing.

Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing.

Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities.

Preferred Professional and Technical Expertise :

Webservice Testing

SOAP/REST APIs testing.

Configuring cURL commands and POSTMAN tool to capture the request in automated scanner.

Network Testing

Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc.

Basic understanding of network devices like router, switches, firewall/IDS/IPS etc..

Network scanning tools such as Nessus, Nmap, Metasploit etc.

Exploitation and Post Exploitation of network vulnerabilities.

Threat Model and Source code security scanning

Perform/Participate in threat model creation/design or review

Perform source code security scanning using (SAST) tools like Sonarqube, AppScan, Mend and other popular open-source tools.

Preferred technical and professional experience

Security Certifications

Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT etc

More Jobs at IBM

Delivery Manager - RISK & Compliance - AML

Bengaluru

3 - 5 yrs

INR 5 - 7 Lacs

Delivery Manager-HUMAN Resources Operations

Bengaluru

6 - 10 yrs

INR 11 - 16 Lacs

Application Developer-Java & Web Technologies

Hyderabad

2 - 5 yrs

INR 7 - 11 Lacs

Deputy Manager Data Engineer - Analytics

Bengaluru

4 - 7 yrs

INR 10 - 15 Lacs

Data Scientist-Artificial Intelligence

Bengaluru

3 - 7 yrs

INR 14 - 18 Lacs

Mock Interview

Practice Video Interview with JobPe AI

Start Cyber Security Interview

Start Your Job Search Today

Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.

Job Application AI Bot

Apply to 20+ Portals in one click

Download Now

Download the Mobile App

Instantly access job listings, apply easily, and track applications.

Enhance Your Javascript Skills

Practice Javascript coding challenges to boost your skills

Start Practicing Javascript Now

IBM

Information Technology

Armonk

Login to

Please Verify Your Phone or Email

Confirm Action

Search

Profile

Upskill and Grow with AI

Lead Penetration Tester