Security Tester

About the Role: Penetration Tester

Duration: 6 months

Location: Hyderabad

Timings: Full Time (As per company timings)

Notice Period: (Immediate Joiner - Only)

Experience: 5-7 Years

(General Shift & UK shift), 5days work from the Office, a Cab facility is there.

Job responsibilities:

• Conducting and coordinating comprehensive Attack Surface Discovery, Penetration tests, and Cloud on system and network levels, employing advanced ethical hacking techniques.
• Application Penetration Testing (Browser-based, API, Mobile, IoT)
• Threat Modeling
• Source Code Review
• Perform penetration testing on web applications and APIs (internal and external) to identify, assess, and report on vulnerabilities in their applications.
• Perform red team exercises to determine weaknesses in the client’s infrastructure and how it should be remediated.
• Organizing and delivering technical security operational briefings for both technical and non-technical audiences.
• Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics.
• Dynamic application security testing (DAST) scans on the identified targets without credentials.
• Perform credentialed DAST scans on known client URLs.
• Research to identify new attack vectors.
• Review and provide feedback for all Security Artifacts.
• Play a critical role in building an AppSec program that has a wide scope and impact.
• Researching open-source emerging technologies, developing required frameworks and capabilities to perform red team exercises on new technologies adopted by clients.
• Preparing and delivering clear, accurate, and concise written and oral technical reports for management.

Job specifications:

• Bachelor’s degree in Engineering or closely related coursework in technology development disciplines
• Certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirable

• Total Experience – 4+ years

Knowledge and Experience:

• Offensive Security Certified Professional (OSCP) and/or Offensive Security Certified Expert (OSCE).
• A thorough understanding of the Secure Development Life Cycle
• Have comprehensive knowledge of common vulnerabilities (e.g., OWASP Top 10), diverse application attack vectors, security testing processes, and both wired and wireless network security protocols.
• Have familiarity with common threat tactics and tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro, CobaltStrike, App Detective, Web Inspect, etc.)
• Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g., AWS, GCP, etc.)
• Mobile platform penetration testing tradecraft and methodologies across widely-used platforms (iOS and/or Android).
• Microservices testing
• Ability to find and exploit bugs in:
• C++, Java, JavaScript, Go, and Python
• Kubernetes, AWS, GCP, or Azure
• Memory management, namespaces, cgroups, etc.
• Passion for writing code to solve problems, combined with an interest in Offensive Security.
• Ability to demonstrate a strong background in one of the following languages:
• Golang, Python, Java, JavaScript, C++, C

Personal Attributes:

• Self-starter and quick learner requiring minimal ramp-up
• Excellent analytical, written, oral, and interpersonal communication skills
• Highly self-motivated, self-directed, and attentive to detail
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Strong communications skills to comfortably work cross-functionally across the organization.

Job Types: Full-time, Contractual / Temporary
Contract length: 6 months

Work Location: In person

Speak with the employer
+91 9966773665