Tuesday, August 18, 2020

Senior Manager - Vulnerability Assessment & Penetration Testing - Nessus/OWASP/WIRESHARK (7-12 yrs) (Maaris Global)

The position is with the Cyber Security team of our client.

Role : Vulnerability Assessment & Penetration Testing (VAPT)

Job Requirements :


a) Network VAPT : Good experience in carrying out VAPT of the following network elements :


- Firewalls

- Core routers

- Core switches

- Wi-Fi networks

- Windows servers

b) Web Application VAPT : Strong experience in carrying out web application VAPT, including web crawling and building custom scripts for SQL injection and browser exploitation.


c) Mobile Security : Adept at carrying out mobile security testing covering aspects like app VAPT and mobile app server VAPT, and preferably some knowledge of mobile code review for popular platforms like iOS/Android.

d) Cloud Infrastructure & Application Security :


- Infrastructure Vulnerability scans

- API testing

- Microservices testing

- Platform-specific testing experience would be an added advantage (e.g. VAPT of AWS, Azure)

e) Required Tools :

- Nmap

- Nessus

- Burp Suite

- Masscan

- Acunetix

- Aircrack-ng

- AirSnort

- Metasploit

- Maltego

- Shodan

- OWASP ZAP

- ADB

- IPAD file explorer

- Kali Linux

- Wireshark

- Live CDs like Kitana

f) Scripting and coding experience (optional - good to have)

- Python

- PHP

- BASH

g) Services Specific Experience : The candidate must have reasonable experience in the conduct of red teaming campaigns such as :

- Phishing campaigns

- Perimeter breach testing

- AD compromise

- Web Application compromise and Exfil

- WAF bypassing

- EDR bypass testing

- Payload development using KALI/Cobalt Strike etc.

- An added advantage would be skills around custom malware development

h) Certifications :

- Core Certifications (any one or multiple) : OSCP / GIAC Penetration Tester (GPEN) / CEH / ISACA CSX (Cybersecurity Nexus)

- Other Certifications (good to have) : ISO 27001 LA / Encase 6 or above certified / Access FTK certified

i) Sales support Skills & Project Management : The candidate is expected to have the following skills :


(I) Sales Support

- Carry out internal risk clearance and management processes for client

- Assist senior management in research and writing technical white papers

(II) Project Management

- Tracking time charged on projects

- Oversee activities and work with project team members on a hands-on model to ensure quality delivery

- Be the first point for the client for status update meetings and project escalations

- Build project presentations and audit reports

- Discussions of the draft audit report for stakeholder buy-in (in case of audit assignment)

(III) Team development 

- Support managers in building excellent and simplified training materials to train client teams and junior team members

- Conduct knowledge sharing sessions for the teams below them on a monthly basis

(IV) Key soft skills and other requirements :

- The candidate is expected to have excellent analytical skills and report writing skills to ensure that deliverables for all assignments are well accepted by the clients.

- The candidate is also expected to have excellent presentation making skills to ensure that report summaries are made into succinct theme-based presentations to senior management.

- The candidate may be required to travel for short to long term assignments depending on client requirements.

- Must have been in a client-facing role in addition to a technical role.

- Must have managed mid-level stakeholders at the client (VP level, CISO, and Audit leads)
