Penetration Tester

1 week ago


Gurugram, Haryana, India, Globaltech and Infosec Pvt. Ltd, Full time

**Key Responsibilities**

**A. VAPT Activities**

The VAPT should be comprehensive and include, but not be limited to:

- Network Scanning and Port Scanning
- System Identification and Trusted System Scanning
- Vulnerability and Malware Scanning
- Spoofing and Application Security Testing
- Access Control Mapping
- Denial of Service (DoS) Attack Simulation
- Password Cracking Techniques
- Cookie Security Assessment
- Functional Validation of Controls
- DMZ Architecture Review
- Firewall Rule Analysis
- Operating System Security Configuration Review
- Database Security Configuration Analysis
- Identification and Analysis of Complex Cyber-Attacks

**B. Website / Web Application Assessment**

Assessments should be performed as per the **latest OWASP Guidelines** and should cover:

- SQL Injection, CRLF Injection
- Cross Site Request Forgery (CSRF)
- Directory Traversal Vulnerabilities
- Authentication Exploits and Man-in-the-Middle Attacks
- Unvalidated Redirects and Forwards
- Password Strength Assessment
- JavaScript Security Scanning
- File Inclusion and Malicious File Execution
- Exploitable Vulnerabilities in Custom Code
- Web Server Security Assessment
- HTTP Injection
- Website Phishing Techniques
- Buffer Overflow Detection
- Input Validation Testing
- Insecure Storage and Social Engineering Attacks

**Standards & Methodologies**
- Follow industry best practices and **OWASP methodology**:
  - Injection Flaws
  - Broken Authentication
  - Sensitive Data Exposure
  - Cross-Site Scripting (XSS)
  - Broken Access Control
  - XML External Entities (XXE)
  - Security Misconfiguration
  - Insecure Deserialization
  - Usage of Vulnerable Components
  - Insufficient Logging & Monitoring
  - Business Logic Vulnerabilities
- Provide detailed reports including:
  - Risk Ratings and Remediation Plans
  - Recommendations for Mitigation and Security Enhancements

**Eligibility Criteria**
- **Experience**: 3 to 9 years in VAPT, Cybersecurity, or related domains
- **Education**: Bachelor’s degree in Computer Science, Information Security, or related fields. Relevant certifications are a plus
- **Certifications Preferred**:
  - CEH (Certified Ethical Hacker)
  - OSCP (Offensive Security Certified Professional) preferred
  - CISA / CISM / CISSP preferred
  - CompTIA Security+, GIAC, or similar

**Required Tools & Technologies**
- **Burp Suite**
- **Nessus / OpenVAS**
- **Metasploit Framework**
- **Nmap, Wireshark**
- **Nikto, Acunetix**
- **OWASP ZAP**
- **Kali Linux or Parrot OS**
- **Custom Scripting (Python, Bash, etc.)**

**Job Types**: Full-time, Permanent, Fresher

Pay: ₹600,000.00 - ₹1,500,000.00 per year

**Benefits**:

- Food provided
- Health insurance
- Leave encashment
- Paid sick time
- Paid time off
- Provident Fund
- Work from home

Schedule:

- Day shift
- Fixed shift
- Monday to Friday

Supplemental Pay:

- Performance bonus
- Yearly bonus

Work Location: In person

