-Conduct Vulnerability Assessment and Penetration Testing using automated tools and provide recommendations for mitigating vulnerabilities
-Conduct Vulnerability Assessments of Network and Security Devices using various open source and commercial tools
-Map out a network and discover ports and services running on the different exposed network and security devices
-Conduct penetration tests and launch exploits using Nessus, Metasploit, and the Backtrack penetration testing distribution tool sets
-Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption.
-Analyze scan reports and suggest remediation / mitigation plans
-Keep track of new vulnerabilities on various network and security devices for different vendors
-Review software posture and work with operations to plan code version upgrade requirements of supported security and network devices
-Advanced technical analysis of intrusions
-Audit configuration of Network and Security devices
-Providing rich client-specific reports
-Experience in network vulnerability scanning and penetration testing
-Experience with Nessus, NetCat, NMAP, Backtrack, Metasploit, HPing, and similar tool sets such as RetinaCS, Qualys, McAfee (Foundstone)
Desired Qualification : Bachelor's in Engineering and relevant field
Certifications : OSCP.
Certifications (desirable) : OSCE / OSWP
Desired Experience Profile :
-Overall experience in the field of Information risk and security related initiatives/ projects
-Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
-Ability to understand business concepts and integrate business risk elements into security operations.
-Experience in conducting VAPT
-Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro)
-Strong ethics and understanding of ethics in business and information security
-Should have exposure to code review, Network VA/PT and App VA/PT work
-Understanding and familiarity with common code review methods and standards
-Experience with code scanning toolsets such as Fortify and Ounce
-Understanding of HTTP and web programming
-Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET applications, and standard SDLC practices
-Knowledge of Network Security technology in the areas of Firewall, IPS, VPN, and Gateway security solutions (proxy, web filtering)
-In-depth understanding of the Common Vulnerabilities and Exposures (CVE) / CERT advisory databases