Knowledge and skills required:
- Hands-on working experience in penetration testing of 2 to 4 years.
- Perform in-depth security assessment of web applications, servers, network components, etc.
- Strong exposure and working knowledge of popular application security standards including OWASP Top 10, SANS Top 25, etc., and knowledge of leading security practices and regulatory requirements.
- Knowledge of Risk rating standards such as CVSS, DREAD, STRIDE, etc.
- Knowledge and understanding of Operating systems such as Windows, Linux, networking concepts, and security components such as firewalls, IDS/IPS, etc.
- Experience in working with tools such as Burp Suite, Acunetix, OWASP ZAP scanner, Nessus, Qualys, sqlmap, Nmap, Wireshark, Fiddler, or any equivalent security tool.
- Good knowledge of scripting languages to automate the given tasks.
Good to have:
- Experience in performing manual source code reviews.
- Mobile application security assessment.
- Microservices Pentesting.
- Good understanding of cloud technologies and working experience with AWS, Docker, etc.
- Certifications such as CEH, CompTIA Security+, etc.
Additional Skills:
- More than 4 years of experience in penetration testing & previous experience as a team leader or manager.
- Ability to develop secure code practices and provide hands-on training to development teams.
- Ability to work without relying on automated scanners.
- Ability to work with cross-functional teams to align and prioritize remediation efforts.
Candidates possessing the above requirements along with the additional skills can be considered for a Senior Position with higher perks.