Penetration Testing/Infosec Lead

Role: Infosec Lead
Location: Noida, India
www.SEW.ai

Who We Are
SEW, with its innovative and industry-leading cloud platforms, delivers the best Digital Customer Experiences (CX) and Workforce Experiences (WX), powered by AI, ML, and IoT Analytics to the global energy, water, and gas providers. At SEW, the vision is to Engage, Empower, and Educate billions of people to save energy and water. We partner with businesses to deliver platforms that are easy-to-use, integrate seamlessly, and help build a strong technology foundation that allows them to become future- ready.

Searching for your dream job? We are a true global company that values building meaningful relationships and maintaining a passionate work environment while fostering innovation and creativity. At SEW, we firmly believe that each individual contributes to our success and in return, we provide opportunities from them to learn new skills and build a rewarding professional career.

A Couple of Pointers

• We are the fastest growing company with over 420+ clients and 1550+ employees.
• Our clientele is based out in the USA, Europe, Canada, Australia, Asia Pacific, Middle East
• Our platforms engage millions of global users, and we keep adding millions every month.
• We have been awarded 150+ accolades to date. Our clients are continually awarded by industry analysts for implementing our award-winning product.
• We have been featured by Forbes, Wall Street Journal, LA Times for our continuous innovation and excellence in the industry.

Who we are looking

A successful Application Penetration Tester working at SEW should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, operating system functionality, application manipulation, vulnerability discovery, and analysis, as well as exploit development.

This job requires strong critical thinking skills and an analytical mindset; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could involve penetration testing of both software and network to breach the security of a target system or reverse-engineering an application and encryption method to gain access to sensitive data. If you have experience performing penetration tests against web applications, mobile applications and can present your findings while demonstrating strong analytical skills, then you’re the type of Penetration Tester we’re looking for.

Requirements

• Perform penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and exploit vulnerabilities
• Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities
• Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, etc.
• Detect, identify, and exploit vulnerabilities across various operating systems, applications, and hardware
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Effectively communicate findings and strategy to stakeholders

Qualifications

• 5-8 years experience in: Web Application Assessments, Mobile Application Assessments
• Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, Kali Linux etc.
• Possess understanding of various penetration testing and hacking methodologies such as OWASP, PTES, NIST SP800-115
• Source Code Review & Reverse Engineering
• Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification preferred
• Demonstrated experience in one or more computer programming and scripting languages such as Python, Bash, PHP, Java, C#, .NET, Swift, Kotlin, JavaScript, Perl, Ruby
• Reverse engineering malware, data obfuscators, or ciphers
• Experience with methodologies pertaining to both static and dynamic analysis for different application types and platforms
• Strong knowledge of tools used for application testing and testing of different platforms, including those used in both static and dynamic analysis
• Thorough understanding of network protocols, data on the wire, application design and architecture, and different classes of application security flaws
• Computer science degree preferred.