Posted on: 11/08/2025
Job Responsibilities: (General shift & UK shift), 5 days work from office, cab facility is available.
- Conducting and coordinating comprehensive Attack Surface Discovery, Penetration tests and Cloud on system and network levels, employing advanced ethical hacking techniques.
- Application Penetration Testing (Browser-based, API, Mobile, IoT)
- Threat Modeling
- Source Code Review
- Perform penetration testing on web applications and APIs (internal and external) to identify, assess, and report on vulnerabilities in their applications.
- Perform red team exercises to determine where weaknesses exist in the client's infrastructure and how they should be remediated.
- Organizing and delivering technical security operational briefings for both technical and non-technical audiences.
- Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics
- Dynamic application security testing (DAST) scans on the identified targets without credentials.
- Perform credentialed DAST scans on known client URLs.
- Conduct research to identify new attack vectors.
- Review and provide feedback for all Security Artifacts.
- Play a critical role in building an AppSec program that has a wide scope and impact.
- Researching Open source emerging technologies, developing required frameworks and capabilities to perform red team exercises on new technologies adopted by clients.
- Preparing and delivering clear, accurate, and concise written and oral technical reports for management.
Job specifications :
1. Qualification :
- Certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
2. Experience :
3. Desired Skills :
Knowledge and Experience :
- Offensive Security Certified Professional (OSCP) and/or Offensive Security Certified Expert (OSCE).
- A thorough understanding of the Secure Development Life Cycle
- Have comprehensive knowledge of common vulnerabilities (e.g., OWASP Top 10), diverse application attack vectors, security testing processes, and both wired and wireless network security protocols.
- Have familiarity with common threat tactics and tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro, Cobalt Strike, AppDetective, WebInspect, etc.).
- Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g. AWS, GCP, etc.).
- Mobile platform penetration testing tradecraft and methodologies across widely-used platforms (iOS and/or Android).
Microservices testing :
Ability to find and exploit bugs in :
- C++, Java, JavaScript, Go, and Python
- Kubernetes, AWS, GCP, or Azure
- Memory management, namespaces, cgroups, etc.
- Passion for writing code to solve problems combined with an interest in Offensive Security.
- Ability to demonstrate a strong background in one of the following languages: Golang, Python, Java, JavaScript, C++, C
Personal Attributes :
- Self-starter and quick learner requiring minimal ramp-up
- Excellent analytical, written, oral, and interpersonal communication skills
- Highly self-motivated, self-directed, and attentive to detail
- Ability to effectively prioritize and execute tasks in a high-pressure environment
- Strong communication skills to comfortably work cross-functionally across the organization.
Posted in: CyberSecurity
Functional Area: Cyber Security
Job Code: 1528226