Attack & Penetration Testing
As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.
The opportunity
Were looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering.
Your key responsibilities
- Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines.
- Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing.
- Execute penetration testing projects using the established methodology, tools and rules of engagements.
- Execute red team assessments to highlight gaps impacting organizations security postures.
- Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
- Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.
- Convey complex technical security concepts to technical and non-technical audiences including executives.
- Perform technical quality reviews and conduct technical conversations directly with clients.
- Keep uptodate with the latest techniques and concepts.
- Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams
- Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing.
- Understanding and experience with Active Directory attacks.
- Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred.
- Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization.
- Support SDLC and agile environments with application security testing and source code reviews.
- Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development.
- Provide technical expertise and guidance to clients on remediation strategies and security best practices.
Skills and attributes for success
- In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments
- Good to have knowledge in AI in pen test
- Understanding of TCP/IP network protocols.
- Understanding of network security and popular attacks vectors.
- Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing
- Strong understanding of security principles, policies, and industry best practices
- Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results.
- Excellent communication and presentation skills, both written and verbal.
- Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums.
- Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead.
To qualify for the role, you must have
- BE/ B.Tech/ MCA or equivalent
- Work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments.
- One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX
- Knowledge of Windows, Linux, UNIX, any other major operating systems.
- 1-12 years of work experience in Strategy and Operations projects
- Team management skills are preferred.
- Conduct technical discussions and perform technical Quality reviews.
- Familiarity with OWASP methodologies and application security vulnerabilities.
- Exceptional ability to educate and guide application developers in security best practices.
- Excellent communication, presentation, and interpersonal skills.
- Strong Word, Excel and PowerPoint skills.
Ideally, youll also have
- Project management skills
- Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT.
I have received your application for Attack & Penetration Testing role
Are you still looking for a job change with EY?
If yes, please fill the details below :-
Name-
Number-
Email ID-
Highest Qualification-
College/University-
Pass out year-
Current organisation-
Designation-
Total years of experience-
Relevant years into Penetration Testing/Pen Testing (Mandate)-
Additional added advantage:-
Experience in mobile application penetration testing-
Experience in web api/ API security testing-
Experience in security testing or penetration testing-
Experience in network security testing/infra security testing-
Experience in web application security testing-
Current location-
Preferred location-
Current CTC-
Expected CTC-
Notice period-
Kindly explain about your profile here-
Please go through the JD and let me know if it is relevant-