5+ years of experience in Vulnerability Assessment and Penetration Testing.
Should have carried out at least five IT Security Audits, preferably two of which should be in the last 12 months in line with the CERT-IN norms.
Experience working in heterogeneous work environments.
The security test engineer will be part of the audit team that shall conduct security audits for the clients in order to identify the gaps in terms of web security, application security, web-application security, mobile app security, Network security and IT infrastructure security.
The team members shall be responsible for the development and execution of the individual audit tasks assigned to them and shall prepare a detailed report on each as desired.
The team members shall prepare VAPT (Vulnerability Assessment & Penetration Testing) reports using defined templates and assist the management for finalization of audit reports.
The team members shall prepare the audit plans, test cases, and test scenarios to perform the security audit.
Desirable Skills & Experience:
Experience in analyzing and in identifying the vulnerabilities manually.
Experience in web application, Mobile App and network Vulnerability Assessment & Penetration Testing.
Experience in Vulnerability Assessment and Penetration Testing using industry-standard tools such as vulnerability scanners, e.g. Qualys, Nessus, WebInspect, Acunetix, Metasploit, Burp Suite Pro, Netsparker, etc.
Experience in using security frameworks such as Metasploit, Kali Linux, etc.
Experience and knowledge of Web Application Security standards such as OWASP (Open Web Application Security Project)/SANS, etc.
The Security Test Engineer should have the ability to stay organized, and possess excellent communication skills.
Perform penetration tests on computer systems, networks and applications
Create new testing methods to identify vulnerabilities
Perform physical security assessments of systems, servers and other network devices to identify areas that require physical protection
Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses
Search for weaknesses in common software, web applications and proprietary systems
Research, evaluate, document and discuss findings with IT teams and management
Review and provide feedback for information security fixes
Establish improvements for existing security services, including hardware, software, policies and procedures
Identify areas where improvement is needed in security education and awareness for users
Be sensitive to corporate considerations when performing testing (i.e. minimize downtime and loss of employee productivity)
Stay updated on the latest malware and security threats
Good to have at least one of the following certifications viz.:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM) of ISACA
Certified Information Systems Auditor (CISA) of ISACA