Role: Leas Penetration Tester
Location: Hyderabad
Experience: 5+ years
Salary: 10L to 15L
Job responsibilities:
Conducting and coordinating comprehensive Attack Surface Discovery, Penetration tests and Cloud on system and network levels, employing advanced ethical hacking techniques.
- Application Penetration Testing (Browser-based, API, Mobile, IoT)
- Threat Modeling
- Source Code Review
- Perform penetration testing on web applications and APIs (internal and external) to identify, assess, and report on vulnerabilities in their applications.
- Perform red team exercises to determine where weaknesses in the client’s infrastructure and how it should be remediated.
- Organizing and delivering technical security operational briefings for both technical and non-technical audiences.
- Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics.
- dynamic application security testing (DAST) scans on the identified targets without credentials.
- Perform credentialed DAST scans on known client URLs.
- Conduct research to identify new attack vectors.
- Review and provide feedback for all Security Artifacts.
- Play a critical role in building an AppSec program that has a wide scope and impact.
- Researching Open source emerging technologies, developing required frameworks and capabilities to perform red team exercises on new technologies adopted by clients.
- Preparing and delivering clear, accurate, and concise written and oral technical reports for management.
Job specifications:
Qualification:
- Bachelor’s degree in Engineering or closely related coursework in technology development disciplines
- Certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirable
Experience:
- Total Experience – 5+ years
Desired Skills:
Knowledge and Experience:
Offensive Security Certified Professional (OSCP) and/or Offensive Security Certified Expert (OSCE).
- A thorough understanding of the Secure Development Life Cycle
Have comprehensive knowledge of common vulnerabilities (e.g., OWASP Top 10), diverse application attack vectors, security testing processes, and both wired and wireless network security protocols.
Have familiarity with common threat tactics and tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro, CobaltStrike, App detective, Web Inspect, etc.).
- Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g. AWS, GCP, etc.).
- Mobile platform penetration testing tradecraft and methodologies across widely-used platforms (iOS and/or Android).
- Microservices testing
- Ability to find and exploit bugs in:
- C++, Java, JavaScript, Go, and Python
- Kubernetes, AWS, GCP, or Azure
- Memory management, namespaces, cgroups, etc.
- Passion for writing code to solve problems combined with an interest in Offensive Security.
- Ability to demonstrate a strong background in one of the following languages:
- Golang, Python, Java, JavaScript, C++, C
Personal Attributes
- Self-starter and quick learner requiring minimal ramp-up
- Excellent analytical, written, oral, and interpersonal communication skills
- Highly self-motivated, self-directed, and attentive to detail
- Ability to effectively prioritize and execute tasks in a high-pressure environment
- Strong communications skills to comfortably work cross-functionally across the organization
