Penetration Tester

Cybersecurity Penetration Tester will work with project teams to ensure applications meet our security policies. 3+ Years of Experience - Understand project deliverables and application details - Run automated and manual security checks (not limited to tools) to uncover security weaknesses in the system - Propose mitigation steps for identified risks and threats - Provide clear recommendations from a security perspective based on understanding of application, application risk and business context, and results of checks performed. - Work alongside with the cybersecurity community and application teams. - Explore process, reporting and improvement in techniques - Ability to collaborate with other penetration teams to align in knowledge, tools and techniques Skills - Security – Web, Mobile, API, Cloud and Container, Thick Client, Network, Operating System etc. - Applications Development & Delivery - Understanding or experience on any of the following is an advantage: - Cloud Security Assessment and Security Audits of Cloud Environment - Vulnerability Management (Process, Tools and Metrics) - NIST Cybersecurity Framework - Critical Security Controls (CSC) - Expertise in DevSecOps methodologies is also an advantage. Knowledge - Pentest standards and methodologies, OWASP, SANS etc. - Subject matter expert in web/mobile/thick client/API assessments - Good understanding of server vulnerabilities (Linux, Windows) and hardening - Familiarity with cloud platforms, and cloud container security - Efficient and effective usage of pentest tools as well as demonstrate less dependency on tools. - Experience with automation, scripting (Python, Perl, Ruby, etc.) - Proactive interest in emerging technologies (e.G. Offensive AI) and techniques related to penetration testing - Ability to translate technical security topics in a business-friendly manner - DevSecOps implementation and supporting security tooling (SAST) Experience & Certification - Min 3+ years of experience in penetration testing of Web, Mobile (iOS & Android), API, Thick client & Network. - Certifications - OSCP, OSCE, GPEN, GXPN, GICSP, GWAPT, OSWP, etc. - Azure / AWS security certifications is a plus. - CISSP, CEH also a plus Behaviors and Competencies - Strong written and verbal communication skills, with a proven ability to communicate with technical staff, as well as project teams, so security risks are understood in business terms - Keep pace with standards and technologies related to security - Requirements Gathering and Analysis - Interpersonal Skills, proactiveness