PEN Testing Specialist

• Conduct vulnerability assessments of applications using various open source and commercial tools.
• Conduct a penetration test and launch exploits using Burpsuite, Nessus, Metasploit, and Backtrack penetration testing distribution tools.
• To carry out advanced technical analysis on application intrusions and detect code paths.
• Hands-on experience on Infrastructure, Networks, Web Application, Web Services/API, Databases, Mobile application, etc.
• Demonstration of proof of concepts for exploits, manual penetration testing, fuzzing, etc.
• Security configuration review of database /servers/firewalls / switches/routers, etc.
• Knowledge of operating systems, preferably Windows, Linux. network equipment system network hardening.
• Research and maintain proficiency in computer application exploitation, tools, techniques, countermeasures, and trends in computer application vulnerabilities.

• Good hands-on exposure on Reverse Engineering and Malware analysis.
• Ability to work with tools like IDA, GNU debugger, and Olly DBG.
• Work with clients to determine their requirements and scope for vulnerability testing, for example, the number and type of systems they would like testing.
• Plan and create penetration test cases, methodology, and scripts for tests (E.g., fuzzing tests, Brute forcing, etc).
• Carry out remote testing of a client s network or onsite testing of their infrastructure to expose weaknesses in security.
• Simulate security breaches to test a system s relative security.
• Create test reports and recommendations from your findings, including the security issues uncovered and the level of risk.
• Advise on methods to fix or lower security risks to systems.

• Present your findings, risks, and conclusions to management and other relevant parties.
• Consider the impact your attack will have on the business and its users.
• Understand how the flaws that you identify could affect and impact a business, or business function, if they re not fixed.

Requirements:

• Must have 2 years of experience in Vulnerability Assessment and Penetration Testing for Infrastructure, Networks, Web Application, Web Services/API, Databases, Mobile application, etc.
• Coding skills are required to write exploits and infiltrate any system.
• Strong verbal and written communication skills, with the ability to work effectively across internal and external organizations.
• Knowledge of Reverse Engineering and code path analysis, which require C, C++, etc.