Product Security Specialist

2 weeks ago


Pune, Maharashtra, India Vertiv Full time ₹ 15,00,000 - ₹ 20,00,000 per year

Job Description
The
Senior Pen Tester
is responsible for conducting security pen testing, monitoring, and auditing within a dynamic global organization. The products under test will have the coverage of embedded devices and cloud services. The Senior Pen Tester should have exposure to embedded devices as well as cloud services (AWS/Azure). Some of the products will be white box tests while others will be total black box engagements. A successful Senior Pen Tester will be able to take the product and evaluate the weak points in the design and implementation and focus in on those weaknesses to find security gaps. All the findings by the Senior Pen Tester will need to be clearly documented and relayed to the design team for mitigation. The Senior Pen Tester will need to be very versatile in their attack vectors and their knowledge of exploits. The ideal candidate will be well experienced in a broad range of attack vectors across a wide spectrum of devices from small, embedded devices to wide and complex cloud ecosystems.

They will be responsible for interfacing with engineering teams to conduct security testing, auditing and should be able to explain the findings. They will be responsible for ensuring that engineering teams stay in compliance with the security expectations of the global organization. The Senior Pen Tester will be expected to stay current with the latest security threats and attack vectors that can be deployed against the product portfolio. They should also have experience in communicating clearly and concisely the findings of these activities to an audience.

This position will be primarily based out in Pune (Global R&D center), INDIA, and will consistently work under the guidance and processes of global security and will support all the regional as well as global engineering groups. The testing activity and methodology deployed to confirm compliance is guided but expected to be enhanced by the Senior Pen Tester. The Senior Pen Tester will be expected to use their knowledge and experience to further develop internal testing processes and procedures.

Key Duties
Duties
In addition to performing internal application and product security assessments the Senior Pen Tester will be expected to support response to possible breaches of security based on newly disclosed information. Other key duties include:

  • Conduct security evaluation and threat assessments of embedded systems, mobile applications, web applications
  • Conduct research for the purposes of finding new vulnerabilities and enhancing existing capabilities
  • Circumventing security protection methods and techniques
  • Performing data bus monitoring (snooping) and data injection
  • Conduct communications protocol analysis in the embedded products, and applications
  • Conduct wireless communications channel snooping, and data injection
  • Reverse engineering complex systems and protocols
  • Create detailed technical reports and proof of concept code to document findings
  • Perform System Breakdown of the project/product before testing, identify and evaluate all the testing requirements and plan out the detailed testing activities, resources etc.
  • Proactive detailed interaction with respective engineering group on the testing needs, testing progress/status and provide detailed analysis report
  • Have effective Gitlab issue management reviewing and, providing mentorship and direction on planned testing activities for junior resources in line with defined processes and procedures. Assist in leading testing activities in all the regions, provide head-to-head support to Assessment Pillar Manager and help to drive continuous improvement in testing processes and procedures.
  • Thorough adherence and follow-up of VERTIV SECURE requirements and Vulnerability Management and Incident Response processes.
  • Preference given to other practical skills such as: functional analysis, memory image capture, static memory analysis, and data element extraction, etc.

Requirements

  • A bachelor's degree in information technology, Computer Science or related Engineering field is highly desirable.
  • Additional advanced security qualifications such as CISSP (Certified Information Systems Security Professional) certification, Offensive Security Web Expert (OSWE) or equivalent preferred.
  • Eight or more years' experience (5 to 8 years) in information, application, and embedded product security and/or IT risk management with a focus on security, performance, and reliability
  • Solid understanding of security protocols, cryptography, authentication, authorization, and security
  • Good working knowledge of current IT risks and experience implementing security solutions
  • Ability to interact with a broad cross-section of personnel to articulate and enforce security measures
  • Excellent written and verbal communication skills as well as business acumen
  • Strong leadership, vision, effective communication and goal-oriented
  • Strong ability to establish partnerships and influence change and achieve results within dynamic environment
  • Meaningful technical contributions into the development lifecycle of an application, product, or service

Preferred Knowledge Experience Includes

  • Understanding and development experience of embedded systems / software, and web-based applications
  • Linux network device driver/data-path performance exposure
  • Familiarity with compilers, debuggers, disassemblers, and other low-level development and analysis tools
  • Exposure to binary analysis tools such as IDA Pro, WinDbg, BinWalk, Valgrind, PIN, Panda, and S2E
  • Working knowledge of hacking tools and techniques such as memory corruption exploits, rootkits, protocol poisoning, browser-based attacks, DNS poisoning, MetaSploit, nmap, Nessus, etc.
  • Experience with UNIX kernel internals and low-level Windows internals
  • Comfort with reading and understanding of x86 and/or ARM assembly
  • Experience with program analysis techniques such as taint analysis, program slicing, symbolic execution, constraint solving, and dynamic instrumentation
  • An understanding of common cryptographic algorithms and protocols including their weaknesses and attacks against them
  • Ability to extract software/firmware from provided hardware
  • Meaningful experience utilizing git (Github or gitlab)
  • Understanding of network protocols and experience developing packet-level programs
  • Experience with common microcontroller programming tools and debugging interfaces
  • Linux network device driver/data-path performance exposure
  • Exposure to Layer 2, Layer 3 networking, QoS
  • Network and/or application security knowledge (L2/L3 firewall, DPI, IDS, IPS)
  • Knowledge of common malware/botnet exploits and how they are targeted to exploit embedded systems
  • Operating system configuration of Windows, Linux, Android, and iOS
  • Computer boot process including boot loaders
  • Conducting security evaluation and threat assessments of embedded systems, mobile applications, web applications
  • An understanding of common cryptographic algorithms and protocols including their weaknesses and attacks against them
  • Familiarity with compilers, debuggers, disassemblers, and other low-level development and analysis tools
  • Having hands on real-time embedded C/C++ development experience that includes recent lab activities integrating with and debugging on target hardware.

About The Team
Work Authorization

No calls or agencies please. Vertiv will only employ those who are legally authorized to work in the United States. This is not a position for which sponsorship will be provided. Individuals with temporary visas such as E, F-1, H-1, H-2, L, B, J, or TN or who need sponsorship for work authorization now or in the future, are not eligible for hire.

Equal Opportunity Employer

We promote equal opportunities for all with respect to hiring, terms of employment, mobility, training, compensation, and occupational health, without discrimination as to age, race, color, religion, creed, sex, pregnancy status (including childbirth, breastfeeding, or related medical conditions), marital status, sexual orientation, gender identity / expression (including transgender status or sexual stereotypes), genetic information, citizenship status, national origin, protected veteran status, political affiliation, or disability.



  • Pune, Maharashtra, India MD Food Product Full time ₹ 9,00,000 - ₹ 12,00,000 per year

    We are seeking a skilled Cheese Production Specialist to manage and oversee all aspects of cheese manufacturing operations, ensuring the highest standards of product quality, food safety, and efficiency. The ideal candidate will have in-depth knowledge of cheese-making processes, milk handling, fermentation, and ripening, along with experience in running...


  • Pune, Maharashtra, India Systems Plus Full time ₹ 9,00,000 - ₹ 12,00,000 per year

    Location: PuneEmployment Type: full-timeDesignation: Workday-Security SpecialistJob DetailsJob Summary:The Workday Security Specialist will be responsible for leading, designing, and maintaining all security configurations within Workday. This role will require deep understanding and knowledge of business processes, security domains, and security groups....


  • Pune, Maharashtra, India Product Sense Full time ₹ 8,00,000 - ₹ 12,00,000 per year

    We're building a fast-growingCybersecurity Platformthat helps businesses protect their digital assets with cutting-edge solutions. To fuel this growth, we're looking for anAssociate Product Managerto join our team inPune.What you'll doDefine product requirements, user stories, and backlog items.Partner with clients to understand needs and ensure value...


  • Pune, Maharashtra, India Right Move Full time ₹ 15,00,000 - ₹ 25,00,000 per year

    Greetings from Right Move…Please see below the Job Description for'Cyber Security Specialist'.If you find this interesting and in line with your career aspirations,kindly revert to this with your confirmation & updated CV.Role SummarWe are seeking a highly motivated Cybersecurity Specialist – OT to monitor, detect, and respond to cybersecurity incidents...


  • Pune, Maharashtra, India Techmora Full time

    Job Description Cybersecurity SpecialistPosition : Cybersecurity SpecialistExperience : 46 YearsLocation : Pune / BangaloreJob Type : Full-timeNotice Period : 30 DaysAbout the Role : We are seeking skilled Cybersecurity Specialists to join our growing security team. The role will focus on designing and implementing security architectures, conducting...


  • Pune, Maharashtra, India Knorr Bremse Full time ₹ 15,00,000 - ₹ 28,00,000 per year

    Cyber Security SpecialistExperience- 4 to 7 years.Location- PuneQualification- Bachelor of Engineering/Technology - BE/BTech Electronics/Masters in Electronics/Electronics & Telecommunication EngineeringJob Description:Awareness of Cybersecurity Standards IEC 62443 standard (4-1 and 4-2)Develop and implement Test framework/environment for Cybersecurity...

  • Security Specialist

    2 weeks ago


    Pune, Maharashtra, India PINKERTON | Comprehensive Risk Management Full time ₹ 5,00,000 - ₹ 12,00,000 per year

    Overview170+ Years Strong. Industry Leader. Global Impact.At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share...

  • Security Specialist

    1 week ago


    Pune, Maharashtra, India PINKERTON Full time ₹ 2,50,000 - ₹ 7,50,000 per year

    170+ Years Strong. Industry Leader. Global Impact.At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a...

  • Security Specialist

    2 weeks ago


    Pune, Maharashtra, India Pinkerton Full time ₹ 9,00,000 - ₹ 12,00,000 per year

    Overview170+ Years Strong. Industry Leader. Global Impact.At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share...


  • Pune, Maharashtra, India Vybog Full time ₹ 8,00,000 - ₹ 24,00,000 per year

    Job Summary:We are seeking a highly skilled and motivated Cybersecurity Specialist with strong programming experience in Go and C#, and hands-on expertise in Vaulting technologies such as HashiCorp Vault. The ideal candidate will have a solid understanding of cybersecurity principles, secure coding practices, and experience working in enterprise environments...