Security Analyst - Penetration tester

Knowledge and skills required:

• Hands-on working experience in penetration testing of 2 to 4 years.
• Perform in-depth security assessment of web applications, servers, network components, etc.
• Strong exposure and working knowledge of popular application security standards including OWASP top 10, SANS Top 25, etc, and knowledge of leading security practices and regulatory requirements.
• Knowledge of Risk rating standards such as CVSS, DREAD, STRIDE, etc.
• Knowledge and understanding of Operating systems such as Windows, Linux, networking concepts, and security components such as firewalls, IDS/IPS, etc.
• Experience in working with tools such as Burp Suite, Acunetix, OWASP ZAP scanner, Nessus, Qualys, SqlMap, NMap, WireShark, Fiddler, or any equivalent security tool.
• Good knowledge of scripting languages to automate the given tasks.

Good to have:

• Experience in performing manual source code reviews.
• Mobile application security assessment.
• Microservices Pentesting.
• Good understanding of cloud technologies and working experience on AWS, Dockers, etc.
• Certification like CEH, CompTIA Security+, etc

Additional Skills:

• More than 4 years of experience in penetration testing & previous experience as a team leader or manager.
• Ability to develop secure code practices and provide hands-on training to development teams.
• Ability to work without relying on automated scanners.
• Ability to work with cross-functional teams to align and prioritize remediation efforts.

Candidates possessing the above requirements along with additional skills canbe considered for a Senior Position with higher Perks.