Security Consultant

Are you interested in automating the build and deployment process of the application with ensuring the application security? If yes, then Payatu is the place for you. We are always in search of passionate people to expand our renowned Bandit family at Payatu. In the quest for Bandits, here is an excellent opportunity we would like to share with you.
Who we are? 
Payatu is an ISO certified company where we strive to create a culture of excellence, growth and innovation that empowers our employees to reach new heights in their careers. We are young and passionate folks driven by the power of the latest and innovative technologies in IoT, AI/ML, Blockchain, and many other advanced technologies. We are on the mission of making Cyberworld safe for every organization, product, and individual.
What we look for outside work parameters?

• Your expertise is your primary qualification, not your degree or certification.
• Your publicly known contributions are your credentials.
• Papers you have written, tools you have developed are your references.
• Your write-up reflects your interests and ethics.
• Your published exploits, your CTF scores, and hall of fame listings are the testimonies of your work.
• Your research paper was published and presented at conferences.
• You are learning from the community and enthusiastically contributing back.

You are a perfect technical fit if:

• Strong fundamental of application and network protocols.
• Minimum of 3 years in penetration testing or red teaming roles, with a focus on Active Directory environments.
• Design and execute advanced penetration testing, vulnerability assessments, and simulated attack scenarios to identify security weaknesses in the organization's systems, networks, and applications.
  Simulate advanced threat actor tactics, techniques, and procedures (TTPs) to assess and enhance security postures.
• Document and communicate detailed findings, including vulnerabilities, exploits, and recommendations for mitigation, in clear and actionable reports to technical and non-technical stakeholders.
• Stay current with emerging threats, vulnerabilities, and attack vectors. Develop or customize tools, scripts, and techniques to enhance Red Team capabilities.
• Strong Planning and execution of social engineering attacks, including phishing, pretexting, baiting, and tailgating, to assess the organization's human vulnerabilities and identify potential risks from insider threats.
• Stronghold on Web application security concept and penetration testing skill.
• Good command of at least one programming language.
• Good understanding of OWASP Top 10 and other web-related vulnerabilities as well as logic flaws.
• Good hands-on experience in performing penetration testing of web-based applications preferably in the financial domain.
• Good to have experience in working alongside the development/QA teams.
• Good report writing and presentation skills.
• Should be able to suggest optimum security improvements to application components.

You Have All Our Desired Qualities, if:

• You have proficiency in penetration testing tools (e.g., Metasploit, Burp Suite, Nmap) and red teaming tools
• You have strong understanding of network protocols and services: TCP/IP, DNS, DHCP, SMB, LDAP.
• You have a history of publishing or presenting good research.
• You have the knack of finding security bugs in everything you touch.
• You have excellent written and verbal communication skills and the ability to express your thoughts clearly.
• You have the skill to articulate and present technical things in business language.
• You can work independently as well as within a team and meet project schedules and deadlines.
• You have strong problem solving, troubleshooting, and analysis skills.
• You are working on something on your own in your field apart from official work.

Your everyday work will look like:

• Security assessment of web application and web service on various platforms.
• Back your findings with Proof-of-concept exploits.
• Collect evidence and maintain a detailed write-up of the findings.
• Explain and demonstrate vulnerabilities to application/system owners.
• Provide appropriate remediation and mitigations of the identified vulnerabilities.
• Individually or collaboratively review the system designs, source code, configurations, communications for security gaps.
• Sharpen your saw with continuous research, learning, training on the latest tools and techniques, keeping up with new research, and sharing the same with the ecosystem.
• Communicate well using verbal and written skills, within and out of the team.
• Conduct comprehensive penetration tests across networks, systems, and applications, with a primary focus on Active Directory infrastructures.
• Simulate advanced threat actor tactics, techniques, and procedures (TTPs) to assess and enhance security postures.
• Perform lateral movement, privilege escalation, and persistence techniques within AD environments.

NOTE: This position is open for Pune and Bangalore location.

---