Work from Office
Full Time
The Product-Security Technology Centre is responsible for ensuring that IBM products are secure by conducting timely security reviews and penetration testing and by following SPbD practices. As a penetration tester, you will perform security testing of IBM product and SaaS offerings in development and production environments. You will also work closely with IBM product development teams to strengthen the security posture of their products by participating in threat modeling and source code security testing, and by sharing best practices and lessons learnt for secure coding and design.
- Must have knowledge of at least one of IBM AppScan or Burp Suite scanner (knowledge of both tools is good to have).
- Should be able to configure an automated scanner (login sequence, manually exploring critical flaws, policy customization, scan throttling, etc.) to perform a successful scan.
- Assessing scanner results and intelligently identifying false positives in them.
- Knowledge of Burp features, mainly Spider, Intruder, Scanner, Repeater and Extender.
- Should be able to understand the above-mentioned OWASP Top 10 categories to perform manual testing.
- Flaws that are not detected by an automated scanner, such as those found through authentication (session management) testing, CSRF testing and business logic testing, must be identified using manual testing.
- Understanding the workflow of the application and identifying its entry points to detect possible vulnerabilities.
- Web service testing
- SOAP/REST API testing.
- Configuring cURL commands and the Postman tool to capture requests in the automated scanner.
- Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP, etc.
- Basic understanding of network devices such as routers, switches, firewalls/IDS/IPS, etc.
- Network scanning tools such as Nessus, Nmap, Metasploit, etc.
- Exploitation and post-exploitation of network vulnerabilities.
- Threat modeling and source code security scanning
- Perform or participate in threat model creation/design or review.
- Perform source code security scanning using SAST tools such as SonarQube, AppScan, Mend and other popular open-source tools.
- Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT, etc.
IBM