Associate Consultant

YASH Technologies is a leading technology integrator specializing in helping clients reimagine operating models, enhance competitiveness, optimize costs, foster exceptional stakeholder experiences, and drive business transformation.

At YASH, we're a cluster of the brightest stars working with cutting-edge technologies. Our purpose is anchored in a single truth – bringing real positive changes in an increasingly virtual world and it drives us beyond generational gaps and disruptions of the future.

We are looking forward to hire Vulnerability Assessments Professionals in the following areas :

Preferred Qualifications

• The team members shall prepare the assessment plans, test cases, and test scenarios to perform the penetration testing. Experience in web application, infrastructure and network Vulnerability Assessment & Penetration Testing.
• Experience in Vulnerability Assessment and Penetration testing using industry standard tools such as Vulnerability Scanners for e.g.: Qualys, Nessus, Nexpose, Acunetix, Metasploit, Burp Suite Pro, Netsparker etc.
• Experience in using security frameworks such as Metasploit, Kali Linux, OSSTM etc.
• Experience and knowledge of Penetration testing of servers, and any assets (OS, infra & network).
• Experience and knowledge of Web Application Security standards such as OWASP/SANS etc.
• The Security Test Engineer should have the ability to stay organized and possess excellent communication skills.
• Experienced in preparing and presenting detailed penetration testing report. 
• The security test engineer will be part of the audit team that shall conduct security audits for the clients to identify the gaps in terms of web security.

Skills

• Conducting vulnerability scans and recognizing vulnerabilities in security systems assessing the robustness of security systems and designs
• Network analysis tools to identify vulnerabilities.
• Maintain awareness of vulnerability information, complexity to exploit, and exploit availability or feasibility to create an exploit.
• Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to a level acceptable.
• Creation of vulnerability metric and remediation-related dashboards and reports.
• Understands and advises on enterprise policies and technical standards with specific regard to vulnerability assessment and penetration testing.
• Liaise with stakeholders to understand, prioritize, and coordinate vulnerability remediation activities.
• Maintain awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis).
• Ability to fully understand business requirements and work with business partners to define appropriate solutions, meeting both security mandates and business needs.
• Engage cross-divisional teams and oversee the implementation of security recommendations by leveraging appropriate communication methods, tracking remediation of identified risks, mitigation strategies, plan activities and dependencies.

Working Knowledge

• Cybersecurity principles
• Security source code review vulnerabilities 
• Cyber threats and vulnerabilities
• System and application security threats and vulnerabilities
• General attack stages (e.g.: foot printing and scanning, enumeration, gaining access)
• Escalation or privileges, maintaining access, network exploitation, covering tracks)
• Ethical hacking principles and techniques; penetration testing principles, tools, and techniques.
• Use of penetration testing tools and techniques and social engineering techniques
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Must be adaptable to changes in the work environment, comfortable with multiple competing demands and able to deal with frequent change, delays or unexpected events in a calm and logical manner.

Minimum qualifications

• Bachelor's degree or equivalent practical experience.
• 8 years of relevant work experience within areas of penetration testing 
• Previous experience with systems administration and/or programming.
• Mandatory certifications:Offensive Security Certified Professional (OSCP)

At YASH, you are empowered to create a career that will take you to where you want to go while working in an inclusive team environment. We leverage career-oriented skilling models and optimize our collective intelligence aided with technology for continuous learning, unlearning, and relearning at a rapid pace and scale.

Our Hyperlearning workplace is grounded upon four principles

• Flexible work arrangements, Free spirit, and emotional positivity
• Agile self-determination, trust, transparency, and open collaboration
• All Support needed for the realization of business goals,
• Stable employment with a great atmosphere and ethical corporate culture