Senior Associate-BAS Cyber-VAPT-Pune

About Company

BDO is a global network of professional services firms with a presence in over 166 countries, revenue of over USD 14 billion, and experience of over 60 years. It’s a leading service provider for the mid-markets with client service at its heart.BDO India Services Private Limited (or ‘BDO India’) is the India member firm of BDO International. BDO India offers strategic, operational, accounting and tax, and regulatory advisory & assistance for both domestic and international organizations across a range of industries. BDO India is led by more than 300+ Partners & Directors with a team of over 10,000 professionals operating across 14 cities and 20 offices. We expect to grow sizably in the coming 3-5 years, adding various dimensions to our business and multiplying and increasing the current team size multi-fold.

Roles & Responsibilities:

Build, Maintain and nurture positive working relationships with teams and clients. You will:

• Serves as technical lead or subject matter specialist on Cyber Security Assessment projects covering either vulnerability assessment & penetration testing, network security architecture review, secure configuration/code review, firewall ruleset reviews
• Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify, etc.
• Manage day-to-day client relationships at mid and lower levels.
• Good knowledge of TCP/ IP and Networks, including Firewalls, IDS/IPS, Routers, Switches, and network architecture
• Experience in Infrastructure Penetration Testing and Application Security Testing
• Demonstrates ability to work independently on projects with limited supervision and lead a small team with assistance from Managers
• Experience in Secure Code Review
• Experience conducting Network Security Architecture Reviews and configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc.
• Experience in basic scripting such as Shell, Python, PERL, etc.
• Strong analytical and communication skills (written, verbal, and presentation)
• Open to learning new tools and technologies as per the project requirement
• Interactive with team members and confident during client meetings under the guidance of senior members of the project
• Be deadline-oriented and quality-focused
• Certification: OSCP, OSCE, GPEN, CEH etc
• Familiarity with industry standards and frameworks such as OWASP, CIS, and ISO27001

Key Technical Skills:

1. Hands-on experience performing Network, Web, API, Mobile, and Thick Client application security testing.
2. Proficient in using manual and automated application and network security tools such as Burp Suite, OWASP ZAP, Acunetix, ffuf, wfuzz, nikto, Nmap, and Nessus.
3. Basic Knowledge of programming languages like C/C++, C#, JAVA, and ASP.NET, and familiarity with PERL/Python Scripting.
4. Basic Knowledge of the cloud environment and its various components.
5. Familiar with OWASP and Secure SDLC standards.
6. offensive security skill sets include backdoors, keyloggers, password dumpers, and spear phishing payloads.
7. Deliver Red Team Exercises and augment Senior Red Teamers.
8. Knowledge of standard security requirements within ASP.NETapplicationslication.
9. Good Knowledge of TCP/IP, Network Security.
10. Ability to automate certain security test cases or write PoC using a scripting language (Python, Shell Script, Ruby/Perl, etc.) wherever required
11. Knowledge/experience in code review