Penetration Tester

Are you tired from hacking the same network every single day for the past year? Come and join us in hunting vulnerabilities in a highly dynamic environment. Hundreds of projects are waiting for you.

Together we will shape cybersecurity for healthcare. You are welcome to join our team in Bangalore. Your tasks will be the following:

• Execute penetration tests and security assessments on internal and external networks, Windows and Linux environments, cloud (AWS and Azure) architecture, IoT devices, and more.
• Experience in performing Manual as well as Automated application testing in an Agile environment.
• Update and validate application's pen-test workbook in every sprint release.
• Perform Vulnerability Assessment Penetration Testing (VAPT) and identify security gaps.
• Ability to implement OWASP Control on Web application and Ensure Security controls and vulnerability are closed in timely manner.
• Good understanding of web application architecture and Secure development life cycle (SDLC).
• Identify and exploit incorrect configurations and security vulnerabilities on Windows and Linux servers.
• Safely utilize tools, tactics, and procedures used in penetration testing engagements.
• Perform worst-case scenarios modelling and scope creation, as well as execute relevant tests based upon the results.
• Write & present comprehensive and accurate reports for both technical and executive audiences.
• Provide technical guidance for remediation of findings.
• Develop scripts, tools, or methodologies to enhance penetration testing processes.
• Lead penetration testing projects, supervise junior colleagues.
• Black box and white box penetration testing
• Hacking into authorized customer systems, obtaining a foothold, pivoting to other relevant systems, and obtaining important data for exfiltration.

What are we expecting?
Education

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related field required.
• Master's degree in a related field is preferred.

Language

• English – advanced.

Professional skills

• 4+ years of experience in an offensive security specialty.
• An expert level of knowledge is required in the following areas:
• Port scanners, vulnerability scanners, exploitation frameworks.
• Experience with Security testing tools, including OWASP ZAP, BurpSuite, SonarQube, Veracode, Checkmarx, Metasploit, Nmap, Wireshark, Nikto, GoBuster.
• Enumeration techniques.
• Active Directory.
• Cloud (Azure and AWS).

A good understanding of the following concepts is expected:

• Windows and Linux access controls, administration and user management.
• Authentication and Authorization models.
• Web server administration and architectonic concepts.
• Penetration testing processes, procedures and reporting requirements.
• Post exploitation techniques.
• Experience with security concepts of databases (MS SQL, Oracle DB, PostgreSQL, MySQL).
• DevOps, DevSecOps, Cloud Security etc. and Programming language such as ASP.NET, JAVA, Python

The candidate is expected to have a basic understanding of the following concepts:

• Application development.
• Java/C#/Python/C programming.
• Application penetration testing (OWASP).
• Automatic vulnerability scanners.

Nice to have

• Work experience in other IT fields (software developer, security tester, Application security auditor, cloud security etc.)
• Work experience in leading penetration testing teams and projects
• Mindset to explain vulnerabilities to non-technical people
• Certifications such as OSCP, OSCE, CISCO CCNA, CISCO CCNP, CREST CRT, GIAC (GXPN, GWAPT, GPEN,GMOB).
• Assigned CVE.

• Experience with:

• Bug bounty platforms & programs

• SCRUM/KANBAN
• LaTeX
• CTF platforms (HackTheBox, TryHackMe, etc.)