Penetration Test Engineer - Vulnerability Assessment (10-15 yrs)

About the Role :

We are seeking a highly skilled and experienced Penetration Tester to join our security team. You will be responsible for identifying and exploiting vulnerabilities in our systems and applications, helping us to proactively improve our security posture. This role requires a deep understanding of security principles, penetration testing methodologies, and various security tools.

Responsibilities :

- Conduct penetration testing assessments of web applications, mobile applications, network infrastructure, and other systems.

- Identify and document security vulnerabilities, including their potential impact and remediation recommendations.

- Develop and execute penetration testing plans and reports.

- Perform vulnerability scanning and analysis.

- Simulate real-world attack scenarios to test the effectiveness of security controls.

- Collaborate with development and IT teams to remediate identified vulnerabilities.

- Research and stay up-to-date on the latest security threats, vulnerabilities, and penetration testing techniques.

- Contribute to the development and improvement of security policies and procedures.

- Communicate security findings effectively to both technical and non-technical audiences.

- Participate in red team exercises and other security assessments.

Required Skills :

- Penetration Testing Methodologies : Deep understanding of penetration testing methodologies (e.g., OWASP, NIST).

- Vulnerability Assessment : Experience with vulnerability scanning and assessment tools (e.g., Nessus, QualysGuard).

- Exploit Development : Ability to develop and utilize exploits for identified vulnerabilities.

- Web Application Security : Strong understanding of web application security vulnerabilities (e.g., OWASP Top 10).

- Mobile Application Security : Experience with mobile application security testing (iOS and Android).

- Network Security : Knowledge of network security protocols and vulnerabilities.

- Security Tools : Proficiency in using penetration testing tools (e.g., Metasploit, Burp Suite, Nmap).

- Scripting/Programming : Familiarity with scripting or programming languages (e.g., Python, Bash, Ruby) for automation and tool development.

- Reporting : Excellent report writing and communication skills.

Preferred Skills (Optional) :

- Cloud Security : Experience with cloud security testing (AWS, Azure, GCP).

- Social Engineering : Knowledge of social engineering techniques.

- Reverse Engineering : Familiarity with reverse engineering concepts.

- Malware Analysis : Experience with malware analysis.

- Certifications : Relevant security certifications (e.g., OSCP, CEH, GPEN, CISSP).