Job Description:
	Minimum of 8 – 12 years of relevant project experience in conducting vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audiences
	Identifying, researching, validating, and exploiting various known and unknown security vulnerabilities on server and client side
	Experience in web development and programming languages i.e. Java, XML, Perl and HTML. 
	Strong understanding of ethical hacking methodologies, frameworks, and industry resources, e.g. OWASP, OSSTMM, NIST publications, SANS/CWE, among others, in order to be able to maintain, improve, and benchmark the Vulnerability Assessment process.
	Areas of focus are mobile security testing in the various platforms, threat modeling, source code review, and application/infrastructure penetration testing in general.
	A basic understanding of security, web-based and infrastructure vulnerabilities is required. 
	Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audiences is a plus.
	Vulnerability Assessment tools, e.g. Nessus, Qualys, etc.
	Deep understanding of OSI model
	Security devices, e.g. Firewalls, VPN, AAA systems
	OS Security, e.g. Unix, Linux, Windows, Cisco, etc.
	Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols
	Web application infrastructure, e.g. Application Servers, Web Servers, Databases
	Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net
	Reporting information security vulnerabilities to businesses
	Industry-accredited security certifications will be required (the candidate must have or be willing to obtain all of the following certifications: GIAC GXPN, GPEN, GCIH, CISSP, and CEH)
Roles and Responsibility:
	Providing vulnerability assessment and penetration testing services to businesses globally through a comprehensive testing process
	Identifying weaknesses and vulnerabilities within the system and proposing countermeasures. 
	Testing the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards
	Scanning and discovering rogue hosts, networks, and devices; and scanning and discovering vulnerable systems and applications.
	Application vulnerability assessments, source code review, application architecture reviews or threat modeling
	Articulating security issues to technical and non-technical audiences