Risk_cyber Security_ngso - Tem_senior Job in Ernst & Young Global Limited
Risk_cyber Security_ngso - Tem_senior
- Bengaluru, Bangalore Urban, Karnataka
- Not Disclosed
- Full-time
- Permanent
Senior (CTM Threat ExposureManagement)
KEYRESPONSIBILITIES:
Perform penetration testing whichincludes internet, intranet, wireless, web application, social engineering andphysical penetration testing.
- Execute red team scenarios to highlight gaps impacting organizations security postures.
- Ability to work both independently as well as lead a team of technical testers on penetration testing and red team engagements.
- Provide technical leadership and advise to junior team members on attack and penetration test engagements.
- Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
- Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.
- Execute penetration testing projects using the established methodology, tools and rules of engagements.
- Support SDLC and agile environments with application security testing
- Develop automated solutions that mitigate risks throughout the organization
- Experience with automation through solutions such as Chef, Puppet, Jenkins, and Ansible
- Strong knowledge of OWASP Top 10 web and the ability to effectively communicate methodologies and techniques with development teams
- Ability to automate DAST/SAST solutions and reporting
- Convey complex technical security concepts to technical and non-technical audiences including executives.
To qualify, candidates must have:
A minimum of 3 years of work experience in penetration testing which includes internet, intranet, web application penetration tests, wireless, social engineering, and Red Team assessments.
Any two of the following certifications: OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN.
Knowledge of Windows, Linux, UNIX, any other major operating systems.
Deep understanding of TCP/IP network protocols.
Deep understanding and experience with various Active Directory attack techniques.
Understanding of network security and popular attacks vectors.
An understanding of web-based application vulnerabilities (OWASP Top 10).
Experience with manual attack and penetration testing.
Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl etc.).Updated and familiarized with the latest exploits and security trends.
Experience to lead a technical team to conduct remote and on-site penetration testing within defined rules of engagement.
Familiarity to perform network penetration testing in stealth manner.
Familiarity with dynamic web application vulnerability scanning tools and services (Acunetix, HP WebInspect, IBM AppScan, BurpSuite, IBM AppScan)
Familiarity with static code analysis tools and services (CheckMarx, Fortify Static Code Analysis tool, Veracode, Coverity, IBM AppScan Source)
Familiarity with Secure DevOps Integration
Fresher
2 - 4 Hires