The candidate is expected to independently manage one or more security testing projects
The candidate is expected to act as a lead and execute complex enterprise application and infrastructure security testing projects (primarily onsite)
The candidate is expected to complete the projects within budgeted efforts, deliver high-quality reports and ensure a high CSAT score
The candidate is expected to gain in-depth knowledge and understanding of enterprise networks and of web & mobile applications developed in various languages (e.g. Java, ASP, .NET, C++, C#)
The candidate will be involved in application architecture understanding, threat identification, vulnerability identification, and control analysis
The candidate is expected to be proactive in project planning and execution
The candidate is expected to do likelihood determination, impact analysis, and risk determination
The candidate is expected to showcase prioritization of risks including solution recommendation and documentation
The candidate is expected to identify and infer the business risk posed by the weaknesses identified during the assessments
The candidate is expected to engage with both business and technical teams within and outside the organization from project scope definition, project execution, and project closure perspectives
The candidate should be open to onsite deployments anywhere in the world as business demands
Required Candidate profile
Expertise in web application penetration testing
Expertise in mobile application penetration testing
Expertise in network penetration testing
Expertise in wireless network penetration testing
Expertise in VOIP penetration testing
Expertise in Network Architecture Review and Firewall Rule-base Audit
Expertise in configuration audit or vulnerability assessment of multiple OS and Network Device platforms
Ability to handle difficult situations and to provide alternative solutions or workarounds
Flexible and creative in helping to find acceptable solutions for customers
Good communication and writing skills with the ability to talk to both business people and technical people
Good project and team management skills
Security certifications such as OSCP, Certified Red Teaming Expert, GWAPT, etc.
Ability to work independently with minimal oversight or in teams
Good to have skills:
• Experience with Source Code Review will be a plus
• Experience in Application Architecture Review will be a plus
• Experience with testing different types of networks including GSM, Cloud, etc.
• Knowledge of Cryptography (symmetric and asymmetric encryption, PKI, etc.)
• Ability to work on multiple complex assignments simultaneously
• Additional knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications
• Knowledge of different standards such as PCI DSS, ISO, etc.
Qualification: Graduate or higher