Risk_cyber Security_ngso - Tem_senior Job in Ernst & Young Global Limited

Senior (CTM Threat ExposureManagement)

KEYRESPONSIBILITIES:

• Perform penetration testing whichincludes internet, intranet, wireless, web application, social engineering andphysical penetration testing.

• Execute red team scenarios to highlight gaps impacting organizations security postures.
• Ability to work both independently as well as lead a team of technical testers on penetration testing and red team engagements.
• Provide technical leadership and advise to junior team members on attack and penetration test engagements.
• Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
• Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.

• Execute penetration testing projects using the established methodology, tools and rules of engagements.
• Support SDLC and agile environments with application security testing
• Develop automated solutions that mitigate risks throughout the organization
• Experience with automation through solutions such as Chef, Puppet, Jenkins, and Ansible
• Strong knowledge of OWASP Top 10 web and the ability to effectively communicate methodologies and techniques with development teams
• Ability to automate DAST/SAST solutions and reporting
• Convey complex technical security concepts to technical and non-technical audiences including executives.

To qualify, candidates must have:

• A minimum of 3 years of work experience in penetration testing which includes internet, intranet, web application penetration tests, wireless, social engineering, and Red Team assessments.

• Any two of the following certifications: OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN.

• Knowledge of Windows, Linux, UNIX, any other major operating systems.

• Deep understanding of TCP/IP network protocols.

• Deep understanding and experience with various Active Directory attack techniques.

• Understanding of network security and popular attacks vectors.

• An understanding of web-based application vulnerabilities (OWASP Top 10).

• Experience with manual attack and penetration testing.

• Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl etc.).Updated and familiarized with the latest exploits and security trends.

• Experience to lead a technical team to conduct remote and on-site penetration testing within defined rules of engagement.

• Familiarity to perform network penetration testing in stealth manner.

• Familiarity with dynamic web application vulnerability scanning tools and services (Acunetix, HP WebInspect, IBM AppScan, BurpSuite, IBM AppScan)

• Familiarity with static code analysis tools and services (CheckMarx, Fortify Static Code Analysis tool, Veracode, Coverity, IBM AppScan Source)

• Familiarity with Secure DevOps Integration