Intect - Network Penetration Tester - Qualys/OWASP (5-8 yrs)

Job Summary :

We are seeking a skilled Network Penetration Tester to join our cybersecurity team. The ideal candidate will be responsible for identifying vulnerabilities, assessing security risks, and providing actionable recommendations to enhance the organization's security posture. This role involves using automated tools and manual methods to test network infrastructure, applications, and systems, ensuring compliance with industry standards and regulations.

Key Responsibilities :

- Clarify scope and requirements in scoping calls, addressing whitelistings and compliance considerations.

- Verify customer scope and ensure all prerequisites are met before testing.

- Send kickoff emails and initiate testing processes.

- Conduct vulnerability scanning using tools like Qualys.

- Perform asset discovery scans using Horizon3.ai.

- Execute external penetration tests with Horizon3.ai.

- Investigate potential security breaches and vulnerabilities with tools like SpyCloud.

- Utilize Wappalyzer and Shodan for identifying potential vulnerabilities.

- Attempt account enumeration and password analysis using SpyCloud.

- Conduct manual testing and exploitation of targets where necessary.

- Validate vulnerabilities identified by scanning tools.

- Check for common vulnerabilities in IP pages and associated assets.

- Prepare comprehensive and detailed reports using tools like PlexTrac.

Qualifications and Skills :

- Education : Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field (or equivalent experience).

- Experience : Proven experience as a Network penetration tester or in a similar role.

Technical Expertise :

- Strong understanding of OWASP Top 10 vulnerabilities, network security principles, and web application security standards.

- Proficiency in tools such as Qualys, Horizon3.ai, Wappalyzer, Shodan, SpyCloud, Burp Suite, OWASP ZAP, Metasploit, and Nessus.

- Hands-on experience with network protocols (TCP/IP, HTTP, DNS, FTP, etc.).

- Expertise in SSL vulnerability assessment and remediation techniques.

- Experience in scripting/coding with languages like Python, Bash, or PowerShell.

- Certifications : OSCP, CEH, GPEN, CISSP, or similar certifications are highly desirable.

Soft Skills :

- Ability to explain technical issues to non-technical stakeholders effectively.

- Strong analytical, problem-solving, and communication skills.

Preferred Skills :

- Familiarity with compliance standards such as PCI DSS, HIPAA, GDPR, and ISO 27001.

- Experience with advanced tools like Qualys, Tenable.io and Tenable.ot.

- Knowledge of common web servers (IIS, Apache, WebSphere, Tomcat).

- Understanding of cybersecurity frameworks (NIST, CIS).

- Certifications such as CISSP or CISM are a plus.