Penetration Tester

Skills

• Experience in the range 2-3 yrs
• Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network.
• Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
• Work closely with application, network and infrastructure teams when performing tests against new or existing systems
• Use manual techniques to exploit identified vulnerabilities like cross-site scripting, SQL injections, session hijacking and buffer overflows to obtain controlled access to target systems
• Validate vulnerability assessment results where appropriate, prioritize the remediation requirements and work with network, infrastructure and desktop teams to address security problems
• Perform exploit analysis for identified vulnerabilities manually, with custom scripts or use tools such as Metasploit
• Work closely with the application development teams, technology teams and the other members of the Information Security team to identify and remediate security issues as part of Incident Response
• Be a part of the SDLC process for testing of new application systems/infrastructure
• Participate in multiple organizational areas such as security architecture and design, service delivery, training and client communication.
• Configure and educate on the use vulnerability assessment scanners (ex: Qualys, Nessus, Nmap, Metasploit, Snort, Nexpose, etc)
• Create, maintain and report metrics that measure effectiveness of various security controls.
• Document areas of significant exposure to information systems and recommend solutions.
• Develop and maintain a formal reporting process highlighting results, conclusions, and recommendations which can be viewed by peers and senior management
• The ability to articulate risks and findings to management
• Experience in preparing a security threat model and associated test plans.
• Experience in translating the complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results.
• Knowledge of current information security threats. Good understanding of coding best practices and standards.
• In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred.
• Excellent communication skills both written and verbal.
• Critical thinking and good problem-solving abilities.
• Organized in planning and time management skills are preferred.
• Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable.