Vulnerability Analysis & Penetration Testing Analyst

Job Summary/Objective:

Maintain IT Security Compliance of IT Infrastructure (Hardware Software Configuration)

Qualifications: Graduate In IT(Minimum)

Skills:

• • Knowledge of tools: Nessus, Burp Suite, HCL Appscan, Qualys, OWASP ZAP, Wireshark, Nmap, Postman, Kali Linux
  • Manual Web Mobile (iOS Android) Application Penetration Testing ( SAST and DAST ) as per OWASP guidelines or SANS guidelines
  • API security assessment (REST/SOAP)
  • Network Devices VAPT
  • Host VAPT
  • Knowledge of Web Application Development Concepts (HTML/JavaScript)
  • Knowledge of Cryptographic standards - Encryption, Hashing, Digital certificate for all the applications and suggesting the best standards based of the purpose of the application.
  • Knowledge of Configuring web applications for dynamic scanning using any of the authentication methods like Basic authentication, Forms authentication etc., role of cookies Token
  • Understanding of threat modeling like using STRIDE and the ability to simulate attacks.
  • Knowledge of encryption technologies, PKI, and identity and access management (IAM) solutions.
  • Passion for cybersecurity and a hacker mindset with a commitment to ethical hacking.
  • Ability to document findings clearly and provide actionable recommendations.

(Nice to Have Skills)

• • Red Teaming Concepts tools like Metasploit etc.
  • VAPT in AWS Azure Cloud Environment
  • Familiarity with SIEM (Security Information and Event Management) tools for log and event monitoring (Nice to Have)

Certifications: (Optional but Preferred)

• Certified Ethical Hacker (CEH).
• Offensive Security Certified Professional (OSCP).
• Certified Information Systems Security Professional (CISSP).
• GIAC Penetration Tester (GPEN).
• CompTIA Security+.
• CREST Registered Penetration Tester

Personal attributes:

• Excellent communication skills, both verbal and written.
• Training Presentation Skill
• Effectively articulate ideas, convey information.
• Establishing rapport, actively listen to customer needs and concerns, and demonstrate empathy.
• Address customer inquiries or issues promptly and professionally.
• Clear and concise communication is essential for understanding requirements expectations.

Work Environment: Posting at Faridabad May have to travel Greater Noida/Chennai/Overseas

Responsibilities/Duties:

Main Tasks:

• Perform vulnerability assessments and penetration testing on network infrastructures, web applications, and systems to identify security gaps.
• Conduct both manual and automated testing to uncover potential weaknesses, including exploiting vulnerabilities to demonstrate impact.
• Work with development, operations, and security teams to remediate vulnerabilities and verify fixes.
• Monitor and assess the network, system, and web application security for possible threats.
• Create detailed reports on findings, including risk assessments and remediation guidance.
• Research and stay updated on emerging vulnerabilities, attack vectors, and new security tools/technologies.
• Assist in the development and improvement of internal security tools and processes.
• Conduct security audits and develop security assessments for compliance with industry standards and regulations (e.g. ISO20001)
• Collaborate with external teams and vendors when necessary for third-party penetration testing.
• Participate in incident response activities, analyzing security incidents and recommending corrective measures.
• Co-ordination with QAG (Quality Assurance Group) for IT process formation Security Auditing

Other Tasks

• Identify potential risks or issues before they escalate
• Ability to stay updated with the latest security vulnerabilities and attack techniques.
• Embrace change, adapt quickly to shifting IT Security needs or conditions.
• Proactively seek new opportunities of improvements and Adjust IT Security strategies accordingly
• Stay updated on industry trends to implement relevant Security solutions
• Pay attention to details to ensure project requirements and deliverables are met accurately
• Review project documentation, monitor progress
• Work closely with diverse teams, stakeholders, and clients
• IT Monthly Reports preparation Presentation to Senior Management
• Provide Consultancy to the Customers