Pentesting Specialist

IBM

3 - 6 years

5 - 9 Lacs

pune

Posted:1 day ago| Platform:

Apply

Skills Required

manual testing testing tools physical security mobile applications http penetration testing automated testing html ethical hacking web application testing cybersecurity javascript

Work Mode

Work from Office

Job Type

Full Time

Job Description

Perform the penetration test on computer systems, networks, web-based and mobile applications
Document your methodologies, findings
Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs.
Review your findings and feedback to development teams
Analyse the outcomes and make recommendations for security improvements
Carry out application, network, systems and infrastructure penetration tests
Review physical security and perform social engineering tests where appropriate
Evaluate and select from a range of penetration testing tools
Keep up to date with latest testing and ethical hacking methods
Deploy the testing methodology and collect data
Report on findings to a range of stakeholders
Make suggestions for security improvements
Enhance existing methodology material

Required education

Bachelor''s Degree

Required technical and professional expertise

Entry level knowledge in Cybersecurity
Web Application Testing
Basic understanding of HTTP Protocol
HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc.
Basic understanding of HTML/JavaScript
Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities
Basic understanding of storage domain

Automated Testing

Entry level knowledge of at least one of ZAP OR BurpSuite scanner. (Good to have knowledge of both the tools.)
Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc?) to perform successful scan.
Assessment of scanner results and intelligently identifying false positives from the scan results.
Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender.

Manual Testing.

Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing.
Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing.
Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities.

More Jobs at IBM

Delivery Manager - RISK & Compliance - AML

Bengaluru

3 - 5 yrs

INR 5 - 7 Lacs

Delivery Manager-HUMAN Resources Operations

Bengaluru

6 - 10 yrs

INR 11 - 16 Lacs

Application Developer-Java & Web Technologies

Hyderabad

2 - 5 yrs

INR 7 - 11 Lacs

Deputy Manager Data Engineer - Analytics

Bengaluru

4 - 7 yrs

INR 10 - 15 Lacs

Data Scientist-Artificial Intelligence

Bengaluru

3 - 7 yrs

INR 14 - 18 Lacs

Mock Interview

Practice Video Interview with JobPe AI

Start JavaScript Interview

Start Your Job Search Today

Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.