Performs Vulnerability Assessment and Penetration Testing
Acts as SME in Infrastructure and/or Application Security and provides consultative recommendations in discussions related to Vulnerability Assessment and Penetration Testing
Uses manual testing techniques and methods to gain a better understanding of the application and mobile app environment and to reduce false negatives.
Documents findings and recommendations, and presents them to stakeholders from technical teams (Development, Infrastructure) and non-technical teams (Operations, Management)
Conducts security assessments aligned with industry best practice and standards
Key Skills/Experience:
Has more than 3 years of experience in Information Technology
2-3 years of experience specifically in security testing (VAPT, Source Code Review, Configuration Review, Architecture Review, Controls Review) (Preferred)
2 years of experience specifically in Governance, Risk and Compliance (Secondary)
Strong knowledge in System & Network Infrastructure, API and Mobile Application Development (Preferred)
In-depth knowledge of OWASP Top 10 and CVEs, and the ability to effectively communicate methodologies and techniques with development teams and operations
Strong knowledge of information security standards and guidelines such as ISO 27001/2, NIST, CIS, PCI DSS and SWIFT CSP (Secondary)
Hands-on experience with security testing tools such as Nessus, Burp Suite, Qualys and others
Understanding of Cloud Compute, Storage, Security and Virtualization best practices
Experience working on Unix, Windows & Linux platforms
Has good communication skills to explain technical details to both technical and non-technical teams
Has at least one of the following certifications: EC Council CEH or Mile2 CPEH (Preferred Primary), CompTIA Security+, ISMS Lead Auditor or ISACA CISA or other certifications such as ISC2, CompTIA, EC Council, OSCP, CREST or SANS