PRIMARY RESPONSIBILITIES The right candidate is expected to have proficiency in conducting some or all of below assessment types.
Perform intelligence-led security assessments on Internet-facing web applications.
Perform security assessments on internal/external software applications/services, including the services layer segments with REST/SOAP/GraphQL APIs, ESB, Middleware, or other channels.
Perform penetration tests across public/private network infrastructure assets.
Perform code aware penetration testing and security assessment of the iOS/Android mobile applications.
Perform assessments of wireless networks and OT assets/components
Perform security assessment of cloud environments (AWS/Azure/GCP/other) with automated tools, custom scripts, and configuration audits.
Perform internal and external adversary emulations.
ADDITIONAL RESPONSIBILITIES Dependent on the role
Develop testing scripts and procedures for comprehensive assessment requirements.
Conducts penetration tests and vulnerability assessments against client infrastructure following a standard testing methodology using automated, ad-hoc, and manual testing techniques.
Compile executive and technical reports and make recommendations to findings in a responsive fashion.
Conducts external and internal segmentation testing against client infrastructure.
Develop penetration testing strategy and test cases for complex enterprise applications.
Develop methodology documents and pre-engagement questionnaires for Penetration Testing and Vulnerability Assessment projects.
Thoroughly document exploit chain/proof of concept scenarios for client consumption.
REQUIREMENTS
1-4 years of relevant work experience.
Based on experience and skill set, candidates will be considered for Associate Consultant, Consultant or Senior Consultant.
Ability to work methodically, independently, and prioritize work
Excellent communication skills (written & verbal) in English, must be able to present complex technical topics in a clear and structured way, ability to moderate discussions, meetings, and projects. Being able to assume the role of a trusted subject matter expert.
Strong technical knowledge in performing manual/ automated network security assessments using open-source and commercial security tools on various operating systems, applications, networks, and security infrastructure devices.
Excellent up-to-date technical and hands-on knowledge and experience in current attack methods, penetration testing methods, and hacking tools, especially for web applications, are required.
A Desire to learn and to share knowledge.
Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25.
Hands-on experience in Kali Linux, Metasploit, Nexpose, Nmap, Burp, Paros, Nessus, Appscan, Core Impact, and other relevant tools.
Programming experience in Python, PHP, Perl, Ruby, NET, or other interpreted or compiled languages.
Experience with reverse engineering, exploit development, and mobile and industrial control systems are a plus.
OSCP/OSWE/OSEP/OSCE/CRTP or other security certifications are desirable.
Flexibility and adaptability to work in a growing, dynamic, international team with a strong customer-oriented attitude.
Willingness to travel extensively (domestic/international)
NetSentries Technologies is an Enterprise Cyber Security Assessor serving Global Banks and Forbes 2000 companies across four continents. We serve our customers by continuously identifying Cyber Risks and enabling Blue teams with Threat Informed Defensive capabilities to protect their organizations better. LOCATION Pune, India
