Principal, Penetration Tester-IND
Chennai, TN, India
Job ID: 36691
Description

Key Responsibilities:
- Assist in creating, automating, continuously developing, maintaining and maturing the Offensive Security Program.
- Be a resourceful part of the talented team responsible for application and infrastructure penetration testing, supporting external vulnerability reports and overall vulnerability management.
- Perform penetration testing coverage across the global organization. Perform independent manual penetration tests of cloud and global IT infrastructure, web applications, APIs, and IoT devices in our warehouse and logistics centers.
- Work with external vendors when third-party penetration reports are required.
- Work closely with on- and off-shore testing teams and external vendors (when third-party input is required) to test and deliver quality penetration reports.
- Provide appropriate knowledge transfer to off-shore testers to assist in testing efforts. Review all applicable threats, discover vulnerabilities and collaborate with remediation treatment owners to remediate identified vulnerabilities.
- Develop comprehensive, accurate reports and presentations for both technical and executive audiences.
- Coach and mentor junior engineers in penetration testing techniques. Ensure knowledge creation around common vulnerabilities within the landscape and corresponding remediation practices.
- Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at the company.
- Utilize penetration testing tools, custom scripts, exploits, related automation, and innovation.
- Establish priorities over the near-to-medium term.
- Build processes that speed up the discovery and resolution of findings. Work closely with developers and architects on identifying security issues early in the development cycle.

Education / Work Experience:
- Bachelor’s degree in Computer Science, Engineering, Science, Math or a Cyber Security related field is required.
- A year or more working in a "work from home" / remote capacity.
- Work Experience: Minimum 8 years of functional experience, including a minimum of 5+ years of penetration testing, red teaming, or similar experience.
- Preferred 5+ years of strong hands-on experience in application and network penetration testing, vulnerability risk management and providing remediation recommendations. Actual experience in a penetration tester role is mandatory; 5 years of application and network pen testing is preferred.
- Preferred Certifications: OSCP, OSCE, OSEE, OSWE, GWAPT, GPEN, GXPN, or equivalent certification, work experience, or skills.
Knowledge / skills:
- Advanced knowledge and understanding of various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security. - mandatory
- Experience with cloud service providers and their offerings. - preferred
- Strong understanding of vulnerabilities and common attack vectors, and an attacker mindset: the ability to think about creative threats and attack vectors. - mandatory
- Experience using vulnerability scanning software such as Nessus, Tenable.io, Tenable.sc, or similar. - mandatory
- Strong technical understanding of CVSS, OWASP Top 10, SANS Top 25, and vulnerability exploitability ratings. - mandatory
- Experience with multiple operating systems (Linux, Unix, Windows). - mandatory
- Development and/or architecture familiarity with mobile applications, specifically iOS and Android. - preferred
- Penetration testing experience with DevOps-related technologies such as Docker, Kubernetes, and CI/CD tool environments. - preferred
- Penetration testing and reverse engineering experience with embedded systems and hardware (e.g. IoT devices). - experience with pen testing hardware is just preferred
- Strong programming experience and the ability to code exploits in at least one language, including but not limited to Ruby, Python, PowerShell, or Bash. - knowledge of basic coding concepts is mandatory
- Experience using Metasploit, Burp Suite, Nmap, and security-assessment-focused Linux distributions such as Kali. - experience with Burp Suite and Nmap is mandatory; Metasploit is just preferred, but the candidate should at least know what it is
- Ability to execute and demonstrate known exploits as well as write custom exploits to target specific security weaknesses. - ability to demonstrate exploits is mandatory; ability to write custom exploits is just preferred
- Strong communication (i.e., written and verbal), presentation and teamwork skills, and resourcefulness. - experience writing vulnerability assessment and pen test reports is mandatory
- Pass a proficiency exam related to the role.