Assignment Details
Our client, a leading global specialist in energy management and automation is looking to engage with a Consultant Pen Tester with RED teaming experience.
About the role: Secure Software applications and infrastructure from potential vulnerabilities and attacks. Drive product privacy and cybersecurity features and enhancements. Ability to work in a fast-paced, rapidly changing, Agile, competitive environment.
Key responsibilities:
· Assess architectures and designs for security vulnerabilities and suggest and implement proper alternatives
· Oversee the management and remediation of identified security flaws within our development platforms
· Build and maintain monitoring, auditing, and reporting frameworks that produces artifacts that support security and compliance needs
· Drive vulnerability assessment and penetration testing (VAPT) activities for multiple R&;D applications, implement DEVSECOPS across the product line
· CI/CD integration of SAST and DAST platforms.
Duration: 12 months (Extendable)
Capacity: Full time
Location: Bangalore (Onsite)
Skills Required
- Education: B.Tech / M.Tech in CS / IT / EE / EC / EI
- Cybersecurity Certifications: CEH / OSCP - Preferred.
- A professional with a certain level of knowledge and at least 8 years of expertise in Software application pen testing
- Knowledge of the DevSecOps framework, understanding on NIST, OWASP, MITRE,CWE etc
- An understanding of programming languages such as C#, Perl, JavaScript, Python and/or PHP.
- Understanding of TCP/IP, common networking ports and protocols, OSI model
- Knowledge of Threat modelling and risk assessment techniques.
- Up-to-date knowledge of cybersecurity threats, current best practices, and latest software.
- An understanding of programs such as HP Fortify, Puppet, Chef, ThreatModeler, Checkmarx, Aqua. They may also need to know Kubernetes/ Docker. Security assessment tools (e.g. NESSUS, NMap, BurpSuite, ZAP, OWASP tools, Kali Linux tools, Fuzzing tools)
- Significant knowledge of security best practices for client-server product architectures, focusing predominantly on cloud-based server development
- Knowledge of one or more SSO methodologies (SAML, LDAP, OpenID)
- Experience extracting pertinent security data from SIEM solutions and AWS audit, logs, and reports
- Deep product knowledge to ensure the clinical functionality, expected operating environment, and interoperability to accurately determine a product’s privacy and security risks.
Share
12 month(s)
8+ years 
On-Site
