Penetration Tester - Hyderabad, India - Foundever

Description

This position involves performing security vulnerability assessment and penetration testing. Penetration tests will involve a mixture of environments, including network devices, servers, systems, databases and applications that are web-based, server-based and virtual. The successful candidate will work effectively in both individual and team environments. The incumbent must be a self-starter, who is able to contribute to the overall success of the team as well as within other teams.

Primary Responsibilities of the Security Specialist I, Global Security Operations Center Role

· To perform network, system and application vulnerability assessments and penetration testing.

· To do pen-source and commercial testing tools including Kali Linux, Nessus, Metasploit, Nmap, Burp Suite Proxy, Wireshark, Kismet, etc. Additionally, must maintain awareness and knowledge of newly released open-source tools and exploits.

· To use various scripting languages such as Python, Perl, PowerShell, Bash, etc.

· To analyze identified vulnerabilities to write clear and concise assessment, penetration testing and compliance reports.

· To configure, administrate, and troubleshoot Operating Systems including Unix/Linux, Windows, iOS, Android, and the various network devices.

· To applies advanced knowledge of concepts, practices, and procedures of IT Security, with awareness of related fields.

· Applies analytical and interpretive thinking to complex problems; determines methods /procedures based on professional judgment to achieve desired outcomes.

Knowledge, Abilities & Skills

Skills/Competencies

• Knowledge of TCP/IP protocols and networking architectures.
• Knowledge of databases, applications, and web server design and implementation.
• Knowledge of security and IT standards, such as PCI DSS v3.0 & NIST SP800.
• Knowledge of the National Vulnerability Database (NVDB) & the Common Vulnerabilities and Exposures List (CVE). CVE is a dictionary of publicly known information security vulnerabilities and exposures.
• Excellent time management, written documentation, and oral presentation skills.

Experience, Qualifications, Certifications & Travel

Minimum Requirements

Education:

Bachelor's degree in Information Technology, Computer Science, or related field. Experience may be evaluated in lieu of educational requirements on a case-by-case basis.

Experience: (3+ years' experience)

· Experience with mobile devices and mobile application security, including secure configuration and tools, techniques, and procedures for security testing.

· Experience assessing and testing network devices, including firewalls, routers, VPNs, and switches.

· Experience with programming and scripting in C++, Perl, Python, bash, Java and/or Assembly Language (x86).

· Experience with TCP/IP including but not limited to HTTP, HTTPS (SSL), DNS, SMTP, MSRPC, RDP and SSH.

· Experience with wireless network security, including secure configuration and tools, techniques and procedures for security testing.

· Experience with application security, including source code review.

· Experience with audit techniques to identify insecure configurations of Windows/Unix/Linux, web servers (Apache, IIS, etc.), databases (MySQL, MSSQL, Oracle, etc.) and web application scripts (PERL, Python, ASP, etc.).

· Experience with one or more social engineering test modes (physical, phishing or pre-texting).

· Will consider relevant security certifications such as CEH, GIAC, CISSP, GPEN, CEPT, LPT, CPT, OSCP, etc.

Travel: None