Job Description

General:




Conduct Vulnerability Assessments & black-box/grey box penetration tests on system & network infrastructure; web, mobile & thick-client applications using various open source, commercial tools and manual testing methods.


Infrastructure VA:

• 
  Map out a network, discover ports and services running on the different exposed network and security devices
• Conduct penetration test and launch exploits using NMap, Nessus, Metaspoilt, Backtrack, Kali Linux penetration testing tools sets
• Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption
• Analyze scan reports and recommend remediation / mitigation actions
• Keep track of new vulnerabilities for all relevant technology platforms
• Audit configuration of OS, Network and Security devices
• Providing rich client specific reports.

• 
  Conduct web, mobile and thick clients\xe2\x80\x99 application assessments based on industry standards/benchmarks like OWASP. Conduct assessments using relevant automated tools and compliment with manual reviews.
• Social Engineering
• Conduct phishing and spear-phishing simulated assessments, and techniques in the social engineering domain to assess the adequacy of awareness and training programs in organizations.

• 
  Experience on network vulnerability scanning and penetration testing
• Experience with Nessus, NMAP Backtrack, Metasploit, HPing, and similar tools set like RetinaCS, Qualys, Tenable.
• Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering)
• In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database
• Analytical thinker willing to \xe2\x80\x9cthink outside the box\xe2\x80\x9d to resolve customer impacting situations on first contact; understand customer risk profile.
• Self-starter and ability to deliver under defined timelines
• Team player

• 
  Candidate shall develop a Vulnerability Management process capable of identifying both new and known vulnerabilities , in information systems (applications and infrastructure assets).
• Candidate shall be able to detect and respond to known vulnerabilities in order to prevent them from being exploited, including escalation to the appropriate TAP team, when appropriate.
• Candidate shall be able to discover, analyse, and handle new or reported security vulnerabilities in information systems.
• Candidate shall learn about new known vulnerabilities, through public or third-party sources.
• Candidate shall devise a process, and adequate tools, to accept or receive information about vulnerabilities, as reported from customer teams or individuals, or from third parties.
• Candidate shall monitor the reporting channels and conduct the interaction with the submitter of the vulnerability report, according to the rules established .
• Candidate shall review, categorize, prioritize, and process the vulnerability reports.

• 
  Minimum Bachelor\xe2\x80\x99s Degree (Engineering / Computer Science / Computer Application) or Equivalent. Master Degree in IT Security / Cyber Security is Preferer.
• Certification like ISC2 CISSP, CEH, penTest+, Vendor / OEM certification on EVM such as Qualys, tenable equivalent would be preference.

• 
  5 \xe2\x80\x93 10 Yrs. (Preferable exp on Govt / Semi Govt / Others Govt Agencies)