Role: Cyber/ VAPT
Industry Type: Miscellaneous
Department: IT & Information Security
Employment Type: Full Time, Permanent
Role Category: IT Security
UG: Any Graduate, B.Tech / B.E. in Any Specialization
Job Roles To conduct Application Security testing for Web, Mobile, client Server application to assess the vulnerabilities To conduct Manual and Automated testing of Application, database To conduct white, black, grey box testing To Verify security controls as per Open Source Security Testing Methodology Manual (OSSTMM), OWASP, SANS To Identify false positives and creating Proof-of-concept (PoC) for reporting To Conduct source code review of different application To Size and scope the effort estimates for doing application test Define, maintain and enforce application security best practices To Monitor and track progress of vulnerabilities found and maintain the history To Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation To Perform database vulnerability assessment To Issue reports on assigned application and system scans To carry out Internet and Intranet Penetration Testing on IPs, URLÆs To Identify vulnerabilities and potential impact To review client network infrastructure, conduct due diligence and suggest risk remedial and mitigation action based on the testing results To build customized scripts using open source tools To Generate custom client specific reports To create technology specific scanning profiles To build security configuration document based on best practices and CIS benchmarks
Education - Essential: Graduate - Desirable: B.E
Experience - Minimum 5 yearsÆ experience working in Conducting Security audits and testing in any of the 3 areas ( VA,PT, Application Security) - Experience in using and implementing various VA PT such as Nessus, Qualys, nmap, Metspolit,Wireshark, OpenVas, coreimpact - Rich experience in developing Shell scripts on open source platforms to carry out various customised tests -
Certification - Essential: CEH, SSCP, OSCP - Desirable: Qualysguard, CCFP, CISSP, SANS
Skills & Abilities - Essential: Good Analytical skills, Able to articulate and correlate.Sound Technical knowledge, - Desirable: Able to work for long extended hours