Job Purpose – 

1. Run periodic penetration tests and vulnerability assessments on the infrastructure and applications of WAISL and its clients.
2. Actively search for vulnerabilities and other cybersecurity risks that affect WAISL and its clients.
3. Alert, advise and drive action with the respective teams for mitigating potential zero-day vulnerabilities that could affect WAISL and its clients.
4. Serve as a subject matter expert in the development of WAISL’s vulnerability management program, infrastructure, processes, and people capabilities.

 Role Responsibilities:

• Develop and implement a comprehensive Vulnerability Assessment and Penetration Testing (VAPT) program for WAISL clients.
• Use VAPT tools to scan for vulnerabilities and create penetration testing reports.
• Verify the closure of critical vulnerabilities and ensure that findings have been addressed.
•  Produce draft and final VAPT reports.
• Verify compliance with relevant standards and regulations (e.g., ISO 27001, AVSEC etc)
•  Integrate security into DevOps and enable security automation in CI/CD pipeline.
• Keep WAISL and clients up-to-date with emerging technologies and corresponding security threats.
• Work with other teams to ensure the security of WAISL & Clients’ IT infrastructure.
• Provide insight into security flaws and offer advice on how to remedy them.
• Perform in-depth security analysis of various elements of the system to test its overall security.
• Differentiate between flaws that can be exploited to cause damage and those that cannot. Advice the security leads accordingly.
• Attempt to exploit vulnerabilities in the system to determine whether unauthorized access or other malicious activity is possible.
• Measure the severity of each exploitable flaw and determine how damaging it could be in a real attack.
• Conduct various types of vulnerability assessments (e.g. network-based, host-based, application-based, wireless-based) to identify, evaluate, and report on security weaknesses.
• Use VA tools (e.g. OpenVAS, Nessus, Nexpose) to help conduct vulnerability assessments.
• Follow the VA lifecycle (identification, evaluation, remediation, verification, monitoring) to continuously track and address vulnerabilities
• Simulate the tactics of cybercriminals to test the ability of systems and networks to withstand real-world cyberattacks
• Provide a clear picture of the organization’s security posture and empower the organization to take proactive measures to safeguard its digital assets.

Educational Qualification

• A bachelor’s degree in Computer science/IT/Electronics engineering, MCA or equivalent University degree.
• ∙ One or more of the following certifications is essential:
  • OSCP, CEH, LPT, GPEN, GWAPT, GXPN, CompTIA PenTest+

Experience

• Minimum of 5-8 years of experience in the IT security industry, preferably working in a SOC/NOC environment

Skills

Technical Skills:

• Strong understanding of network security, application security, and ethical hacking.
• Hands-on experience with popular security tools such as Nessus, Burpsuite, Netsparker, Metasploit, and KALI.
• Good understanding of coding & Scripting languages
• Working knowledge of CIS Security benchmarks
• Experience in penetration testing of Infra/web/mobile, wired & wireless networks
• CTF Pentest standards and methodologies
• OWASP

Soft Skills

• Strong problem-solving and analytical skills.
• Should be able to think critically and creatively to identify and address security vulnerabilities.
• Should be able to work well in a team and collaborate effectively with others, both in person and remotely.
• Strong presentation skills
• Excellent communication skills.
• Strong interpersonal skills.
• Must have the ability to work with minimal levels of supervision or oversight and adhere to security policies
• Excellent proficiency in English.
• It is preferable if the candidate can speak Hindi and Telugu.