Penetration Tester (5+ Years)

Only Immediate Joiner- Within 8-10 days

5+ Years

Rotational Shift

Hyderabad, IND (ONSITE)

Job Responsibilities:

• Conducting and coordinating comprehensive Attack Surface Discovery, Penetration tests and

Cloud on system and network levels, employing advanced ethical hacking techniques.

• Application Penetration Testing (Browser-based, API, Mobile, IoT)

• Threat Modeling

• Source Code Review

• Perform penetration testing on web applications and APIs (internal and external) to identify,

assess, and report on vulnerabilities in their applications.

• Perform red team exercises to determine where weaknesses in the client’s infrastructure and

how it should be remediated.

• Organizing and delivering technical security operational briefings for both technical and non

technical audiences.

• Set scope, objectives, and timelines for penetration testing engagements and leverage data to

create useful metrics.

• Dynamic application security testing (DAST) scans on the identified targets without credentials.

• Perform credentialed DAST scans on known client URLs.

• Conduct research to identify new attack vectors.

• Review and provide feedback for all Security Artifacts.

• Play a critical role in building an AppSec program that has a wide scope and impact.

• Researching Open source emerging technologies, developing required frameworks and

capabilities to perform red team exercises on new technologies adopted by clients.

• Preparing and delivering clear, accurate, and concise written and oral technical reports for

management.

Job specifications:

1. Qualification:

• Bachelor’s degree in Engineering or closely related coursework in technology development disciplines

• Certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirable

2. Experience:

• Total Experience – 4+ years

3. Desired Skills:

Knowledge and Experience:

Offensive Security Certified Professional (OSCP) and/or Offensive Security Certified Expert (OSCE).

• A thorough understanding of the Secure Development Life Cycle

• Have comprehensive knowledge of common vulnerabilities (e.g., OWASP Top 10), diverse application attack vectors, security testing processes, and both wired and wireless network security protocols.

• Have familiarity with common threat tactics and tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro, CobaltStrike, App detective, Web Inspect, etc.).

• Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g. AWS, GCP, etc.).

• Mobile platform penetration testing tradecraft and methodologies across widely-used platforms (iOS and/or Android).

• Microservices testing

Ability to find and exploit bugs in:

• C++, Java, JavaScript, Go, and Python

• Kubernetes, AWS, GCP, or Azure

• Memory management, namespaces, cgroups, etc.

• Passion for writing code to solve problems combined with an interest in Offensive Security.

• Ability to demonstrate a strong background in one of the following languages:

o Golang, Python, Java, JavaScript, C++, C