Job Description

Software Test Engineer – Security

Department:

Solution Service Delivery

Position Purpose & Summary:

The candidate is expected to perform web application security and security testing, and will be directly involved in day-to-day functions such as understanding the domain and technology involved.

The candidate will be exposed to various projects in which he/she is expected to assist the test lead in devising the threat model, defining the attack vectors, providing inputs to test planning, executing vulnerability assessments and security tests, analysing results, making recommendations and proposing suitable remediation, and generating metrics.

The candidate shall have exposure to and be familiar with Kali Linux, nmap, Metasploit, OWASP and others.

Primary Duties & Responsibilities:

  • Create, execute and maintain test scenarios and attack vectors
  • Run vulnerability assessments for various technologies and domains
  • Ensure compliance with industry best practices such as SANS, NIST, RAKKSSA and CIS
  • Able to conduct audits & security tests to ensure web, wireless, mobile and network security
  • Actively contribute to ISO17025 implementation, maintenance and improvement of the quality management system in the respective field of testing.
  • Responsible for reporting any departures from the QMS or from procedures related to performing test activities to the technical lead or quality manager.
  • Able to assist in closing assigned open issues and documentation changes.

Relevant Work Experience

  • More than 5 years’ experience in security testing
  • Understand various Test Methodologies
  • Worked on any two of the following: Backtrack, Kali Linux, Metasploit, Samurai, Blackbuntu, Backbox, Webscarab, Burp Suite, Nessus, Nexpose, Acunetix, Appscan, Netsparker, etc.

Qualifications

  • Bachelor’s Degree or Professional Degree in Computer Science / Computer Engineering / Software Engineering / Electronic & Electrical Engineering field.

Professional Qualification

  • Networking related certification such as CCNA/CCNP/SCPE is a plus
  • Security related certification such as CEH/CISSP/CompTIA Security+ is a plus

Technical Skills

  • Basic programming skills such as C, C++, PHP, ASP, .Net, Java, VB; database exposure such as Oracle/MySQL; and experience in using various platforms such as Linux/Unix and Windows
  • Basic understanding of application security including Threat Modeling, SSL / TLS, Digital Signatures, Access Control, Auditing Architectures, Application Vulnerabilities (SQL Injection, Cross-Site Scripting, Buffer Overflows, etc.), Public Key Infrastructure (PKI using RSA), Authorization, Authentication, Cryptography, Password Protection, State Management (Cookies, Session), Trusted System is a plus
  • Should be well versed with OWASP Top 10 and/or SANS Top 25
  • Networking fundamentals (protocols, layers, routing, security) are a must

Soft Skills:

  • Able to work independently with customers/application teams to define complex security issues and to deploy and configure associated applications
  • Able to work under pressure and to tight time scales, with a demonstrable ability to multitask and deliver projects to tight deadlines
  • Good interpersonal and communication skills

If you are keen to explore this opportunity, send us your resume at recruit@mimos.my