Pen Tester

About the Role:
Duration: 6 monthsNotice Period: (Immediate Joiner - Only)(General Shift & UK shift), 5days work from the Office, a Cab facility is there.

Job responsibilities:
Conducting and coordinating comprehensive Attack Surface Discovery, Penetration tests, and Cloud on system and network levels, employing advanced ethical hacking techniques.Application Penetration Testing (Browser-based, API, Mobile, IoT)Threat ModelingSource Code ReviewPerform penetration testing on web applications and APIs (internal and external) to identify, assess, and report on vulnerabilities in their applications.Perform red team exercises to determine weaknesses in the clients infrastructure and how it should be remediated.Organizing and delivering technical security operational briefings for both technical and non-technical audiences. Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics. Dynamic application security testing (DAST) scans on the identified targets without credentials.Perform credentialed DAST scans on known client URLs.Research to identify new attack vectors.Review and provide feedback for all Security Artifacts.Play a critical role in building an AppSec program that has a wide scope and impact. Researching open-source emerging technologies, developing required frameworks and capabilities to perform red team exercises on new technologies adopted by clients. Preparing and delivering clear, accurate, and concise written and oral technical reports for management. Job specifications:Qualification:Bachelors degree in Engineering or closely related coursework in technology development disciplinesCertifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirableExperience: Total Experience 4+ yearsDesired Skills:Knowledge and Experience:Offensive Security Certified Professional (OSCP) and/or Offensive Security Certified Expert (OSCE).A thorough understanding of the Secure Development Life CycleHave comprehensive knowledge of common vulnerabilities (e.g., OWASP Top 10), diverse application attack vectors, security testing processes, and both wired and wireless network security protocols.Have familiarity with common threat tactics and tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro, CobaltStrike, App Detective, Web Inspect, etc.)Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g., AWS, GCP, etc.)Mobile platform penetration testing tradecraft and methodologies across widely-used platforms (iOS and/or Android).Microservices testingAbility to find and exploit bugs in: C++, Java, JavaScript, Go, and Python Kubernetes, AWS, GCP, or Azure Memory management, namespaces, cgroups, etc.Passion for writing code to solve problems, combined with an interest in Offensive Security. Ability to demonstrate a strong background in one of the following languages: Golang, Python, Java, JavaScript, C++, C Personal Attributes:Self-starter and quick learner requiring minimal ramp-upExcellent analytical, written, oral, and interpersonal communication skillsHighly self-motivated, self-directed, and attentive to detailAbility to effectively prioritize and execute tasks in a high-pressure environmentStrong communications skills to comfortably work cross-functionally across the organization.