Risk_cyber Security_ngso - Tem_staff Job in Ernst & Young Global Limited
Risk_cyber Security_ngso - Tem_staff
- Bengaluru, Bangalore Urban, Karnataka
- Not Disclosed
- Full-time
- Permanent
EY-Cyber Security-TEM StaffConsulting- Risk
As part of our EY-cyber security team, you shall performpenetration testing which includes internet, intranet, wireless, webapplication, social engineering and physical penetration testing. You shallalso perform in-depth analysis of penetration testing results and create reportthat describes findings, exploitation procedures, risks and recommendations.
The opportunity
Were looking for Security Analyst with expertise in penetrationtesting. This is a fantastic opportunity to be part of a leading firm whilstbeing instrumental in the growth of a new service offering.
Your key responsibilities
Perform penetration testing whichincludes internet, intranet, web application, wireless, social engineering,physical penetration testing.
Execute red teamassessments to highlight gaps impacting organizations security postures.
Identify and exploitsecurity vulnerabilities in a wide array of systems in a variety of situations.
Perform in-depthanalysis of penetration testing results and create report that describesfindings, exploitation procedures, risks and recommendations.
Execute penetrationtesting projects using the established methodology, tools and rules of engagements.
Convey complextechnical security concepts to technical and non-technical audiences includingexecutives.
Strong knowledge ofOWASP Top 10 web and the ability to effectively communicate methodologies andtechniques with development teams
Ability to automateDAST/SAST solutions and reporting
Support SDLC andagile environments with application security testing and source code reviews.
Provide technicalleadership and advise to junior team members on attack and penetration testengagements.
Develop automatedsolutions that mitigate risks throughout the organization.
Understanding andexperience with Active Directory attacks.
Understanding of TCP/IP networkprotocols.
Skills and attributes for success
Experience with automation through solutionssuch as Chef, Puppet, Jenkins, and Ansible.
Experience withscripting / programming skills (e.g., Python, PowerShell, Java, Perl etc.)updated and familiarized with the latest exploits and security trends.
Familiarity withdynamic web application vulnerability scanning tools and services (Acunetix, HPWebInspect, IBM AppScan, BurpSuite, IBM AppScan)
Familiarity withstatic code analysis tools and services (CheckMarx, Fortify Static CodeAnalysis tool, Veracode, Coverity, IBM AppScan Source)
Familiarity withSecure DevOps Integration.
Understanding andexperience with Active Directory attacks.
Understanding ofTCP/IP network protocols.
Understanding ofnetwork security and popular attacks vectors.
Understanding ofweb-based application vulnerabilities (OWASP Top 10).
Experience with scripting / programmingskills (e.g., Python or PowerShell or Java or Perl etc.).
To qualify for the role, you must have
BE/ B.Tech/ MCA.
Minimum of 1 yearof work experience in penetration testing which may include at least three ofthe following: internet, intranet, web application penetration tests, wireless,social engineering, physical and Red Team assessments.
One of thefollowing certifications: OSCP, OSWP, GPEN, GWAPT.
Knowledge of Windows, Linux, UNIX, any other major operating systems.
2-4 years of work experience in Strategy and Operations projects
Strong Excel and PowerPoint skills.
Ideally, youll also have
Project management skills
Certifications: OSCP, OSWP, GPEN, GWAPT.
What we look for
Whocan perform penetration testing which includes internet, intranet, wireless,web application, social engineering and physical penetration testing andprovide analysis for the testing results.
Fresher
2 - 4 Hires