Location- WFH till 31st December 2020 at the moment.
Knowledge and skills required:
1. Perform in-depth security assessment of web applications/API on various platforms and also experience in network infrastructure security assessment.
2. Strong exposure to popular application security standards including OWASP top 10, SANS Top 25 etc and knowledge of leading security practices and regulatory requirements.
3. Demonstrate knowledge of current vulnerabilities (SQL Injection, XXE, CSRF etc) and their exploitation techniques.
4. Develop secure code practices and provide hands-on training to development teams.
5. Work with cross functional teams to align and prioritise remediation efforts.
6. Knowledge of Risk rating standards such as CVSS, DREAD, STRIDE etc.
7. Understanding of programming languages such as PHP, HTML, javascript, etc
8. Knowledge and understanding of windows, Linux, networking concepts and security infrastructure(firewalls, IDS/IPS etc).
9. Experience in working with tools such as Burp Suite, Acunetix, OWASP ZAP scanner,Nessus, Qualys etc.
10. Perform vulnerability assessment and configuration reviews on a routine and ad-hoc basis against: workstations,servers,network components etc.
11. Good knowledge of any one of the scripting languages ( python, shell script etc)
Good to have :
1. Experience in performing manual source code reviews.
2. Mobile application security assessment.
3. Microservices Pentesting.
4. Good understanding of cloud technologies and working experience on AWS, Dockers, etc.
5. Certification like CEH, CompTIA Security+, etc
Offered CTC- 3 TO 6 LPA
Friday, November 13, 2020
Junior Security Analyst - Penetration Testing (2-6 yrs) (Job Mantras)
