Senior Consultant - VAPT

Roles Responsibilities

Conduct Vulnerability Assessments Black-box / Grey-box Penetration tests on System, Network infrastructure, Cloud, Web, APIs (REST SOAP), Mobile (Android +iOS) Thick-client applications using various open source,commercialtoolsandmanualtestingmethods.

Location:

Pune, India

Mode of work:

Work from office (Daily)

Qualification

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• 8 - 10 years of relevant Experience
• CEH Certified
• CREST / OSCP Certifications will be an added advantage
• MSSP (ManagedSecurityServices Provider) experience supporting multiple customers infrastructure
• Broad background of networks,operating systems(Window,Unix,Linux),firewalls and security engineering concepts
• Knowledge of scripting languages(C++,C#,Perl,CGI,HTML,Java,TCL,Shell)will be added advantage
• Willing to travel overseas on projects
  

InfrastructureVA/PT

• Map out a network, discover ports and services running on the different exposed networkandsecuritydevices
• Conduct penetration test and launch exploits using NMap, Nessus, Metasploit,Backtrack,KaliLinux penetration testing toolssets
• Research and maintain proficiency in computer network exploitation,tools,techniques, counter measures,and trends in computer network vulnerabilities, data hiding,networksecurity,andencryption
• Analyze scan reports and recommend remediation /mitigation actions
• Keep track of new vulnerabilities for all relevant technology platforms
• Audit configuration of OS, Network and Security devices
• Provide Cloud Infrastructure Assessments
• Providingclientspecificreports
• Understand IT infrastructure and traffic flows to manage VAPT exercises
• Communicate with the customer to understand their needs and address concerns.
  

Application VA/PT

• Conduct Web, Mobile (iOS + Android) and Thickclient application assessments based on industrystandards/benchmarks like OWASP
• Conduct assessments using relevant automated toolsandcomplimentwithmanualreviews
  

Social Engineering

• Conduct phishing and spear-phishing simulated assessments, and techniques in the social engineering domain to assess the adequacy of awareness and training programs in organizations.
  

Required Skills

• Experience on Network Vulnerability Scanning and Penetration Testing
• Experience on Cloud Infrastructure Security Assessments
• ExperiencewithNessus,Net Cat,NMAP, Kali,Metasploit,HPing, Frida, Objection, Drozer andsimilartoolssetlikeRetinaCS,Qualys
• KnowledgeofNetworkSecuritytechnologyinareasofFirewall,IPS,VPN,Gatewaysecuritysolutions(DNS, VLAN, proxy, webfiltering)
• In-depth understandingon Common Vulnerability Exposure (CVE)/Cert advisory database
• Analyticalthinkerwillingto'thinkout of thebox'to resolve customer impactin situations on first contact;understand customer risk profile
• Knowledge in RPF preparation, Solution architecture, VAPT review and presentation in customer arena
• Strong Presentation and Documentation Skills.
• Self-starter andabilitytodeliverunderdefinedtimelines, team player with leadership capabilities