Job Purpose –
- Run periodic penetration tests and vulnerability assessments on the infrastructure and applications of WAISL and its clients.
- Actively search for vulnerabilities and other cybersecurity risks that affect WAISL and its clients.
- Alert, advise and drive action with the respective teams for mitigating potential zero-day vulnerabilities that could affect WAISL and its clients.
- Serve as a subject matter expert in the development of WAISL’s vulnerability management program, infrastructure, processes, and people capabilities.
- Develop and implement a comprehensive Vulnerability Assessment and Penetration Testing (VAPT) program for WAISL clients.
- Use VAPT tools to scan for vulnerabilities and create penetration testing reports.
- Verify the closure of critical vulnerabilities and ensure that findings have been addressed.
- Produce draft and final VAPT reports.
- Verify compliance with relevant standards and regulations (e.g., ISO 27001, AVSEC etc)
- Integrate security into DevOps and enable security automation in CI/CD pipeline.
- Keep WAISL and clients up-to-date with emerging technologies and corresponding security threats.
- Work with other teams to ensure the security of WAISL & Clients’ IT infrastructure.
- Provide insight into security flaws and offer advice on how to remedy them.
- Perform in-depth security analysis of various elements of the system to test its overall security.
- Differentiate between flaws that can be exploited to cause damage and those that cannot. Advice the security leads accordingly.
- Attempt to exploit vulnerabilities in the system to determine whether unauthorized access or other malicious activity is possible.
- Measure the severity of each exploitable flaw and determine how damaging it could be in a real attack.
- Conduct various types of vulnerability assessments (e.g. network-based, host-based, application-based, wireless-based) to identify, evaluate, and report on security weaknesses.
- Use VA tools (e.g. OpenVAS, Nessus, Nexpose) to help conduct vulnerability assessments.
- Follow the VA lifecycle (identification, evaluation, remediation, verification, monitoring) to continuously track and address vulnerabilities
- Simulate the tactics of cybercriminals to test the ability of systems and networks to withstand real-world cyberattacks
- Provide a clear picture of the organization’s security posture and empower the organization to take proactive measures to safeguard its digital assets.
- A bachelor’s degree in Computer science/IT/Electronics engineering, MCA or equivalent University degree.
- ∙ One or more of the following certifications is essential:
- OSCP, CEH, LPT, GPEN, GWAPT, GXPN, CompTIA PenTest+
- Minimum of 5-8 years of experience in the IT security industry, preferably working in a SOC/NOC environment
- Strong understanding of network security, application security, and ethical hacking.
- Hands-on experience with popular security tools such as Nessus, Burpsuite, Netsparker, Metasploit, and KALI.
- Good understanding of coding & Scripting languages
- Working knowledge of CIS Security benchmarks
- Experience in penetration testing of Infra/web/mobile, wired & wireless networks
- CTF Pentest standards and methodologies
- Strong problem-solving and analytical skills.
- Should be able to think critically and creatively to identify and address security vulnerabilities.
- Should be able to work well in a team and collaborate effectively with others, both in person and remotely.
- Strong presentation skills
- Excellent communication skills.
- Strong interpersonal skills.
- Must have the ability to work with minimal levels of supervision or oversight and adhere to security policies
- Excellent proficiency in English.
- It is preferable if the candidate can speak Hindi and Telugu.