Description

The opportunity

We’re looking for a Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering.

 

Your key responsibilities

  • Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines.
  • Perform penetration testing, which includes network, web application, mobile app (both Android & iOS), APIs, cloud security, thick client application, wireless, social engineering, and physical penetration testing.
  • Execute penetration testing projects using the established methodology, tools and rules of engagements.
  • Execute red team assessments to highlight gaps impacting organizations' security postures.
  • Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
  • Perform in-depth analysis of penetration testing results and create reports that describe findings, exploitation procedures, risks and recommendations.
  • Convey complex technical security concepts to technical and non-technical audiences including executives.
  • Perform technical quality reviews and conduct technical conversations directly with clients.
  • Keep up to date with the latest techniques and concepts.
  • Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams.
  • Utilize tools such as BurpSuite, Nessus, Nmap, and Kali Linux for effective vulnerability assessment and penetration testing.
  • Understanding and experience with Active Directory attacks.
  • Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred.
  • Working knowledge of any scripting language (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization.
  • Support SDLC and agile environments with application security testing and source code reviews.
  • Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development.
  • Provide technical expertise and guidance to clients on remediation strategies and security best practices.

 

Skills and attributes for success

  • In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments.
  • Knowledge of AI in pentesting is good to have.
  • Understanding of TCP/IP network protocols.
  • Understanding of network security and popular attack vectors.
  • Experience with Operational Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing.
  • Strong understanding of security principles, policies, and industry best practices.
  • Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results.
  • Excellent communication and presentation skills, both written and verbal.
  • Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums.
  • Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead.

 

To qualify for the role, you must have

  • BE/ B.Tech/ MCA or equivalent.
  • Minimum of 3 years of work experience in penetration testing, which may include at least three of the following: network, web application, mobile app (Android & iOS), thick client, APIs, wireless, social engineering, physical and Red Team assessments.
  • One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX.
  • Knowledge of Windows, Linux, UNIX, any other major operating systems.
  • 3-9 years of work experience in Strategy and Operations projects.
  • Team management skills are preferred.
  • Conduct technical discussions and perform technical quality reviews.
  • Familiarity with OWASP methodologies and application security vulnerabilities.
  • Exceptional ability to educate and guide application developers in security best practices.
  • Excellent communication, presentation, and interpersonal skills.
  • Strong Word, Excel and PowerPoint skills.

 

Ideally, you’ll also have

  • Project management skills.
  • Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT.

Education

BE/ B.Tech/ MCA