
Pen Tester

Location Bengaluru, India
Posted 20-March-2021
Description
NETWORK & LINKS:

The selected candidate will report to the Manager - Cybersecurity Excellence Center and will work with a highly motivated Cybersecurity team involved in vulnerability watch and management, vulnerability assessment, scanning and ethical hacking for Alstom's solutions and products. The candidate will be positioned at the Bangalore Technology Center of the Alstom Digital Mobility division.


INTERNAL

The candidate will have strong links internally with

Program Managers
Product / Software Development Teams
Alstom IT Organisation


EXTERNAL

Regional Cybersecurity Managers
Platform Cybersecurity Managers
Program / Project Cybersecurity Managers
Product & Systems Team


OVERALL PURPOSE OF THE ROLE:

We are currently seeking individuals interested in helping us build and maintain a variety of tooling that Alstom uses to maintain and improve its security posture. The Penetration Tester is to lead vulnerability assessments for Alstom products and solutions, and perform vulnerability scans, policy scans, penetration tests and other security assessments. He also performs vulnerability watch and management, and alerts the Products and Platforms to existing or new vulnerabilities that could potentially impact them. He maintains the vulnerability management system and ensures the SLAs of the vulnerability management process. He will also be part of the incident response team (PSIRT), perform the first level of analysis and participate in the vulnerability remediation workflow.


RESPONSIBILITIES:

The Pen Tester performs the following activities:

Lead a team of Cybersecurity Engineers and be responsible for penetration tests, vulnerability scans, policy compliance scans and web application scans with the help of tools like Qualys or any other industry-standard tools, and provide the analysis to the programs/projects.
Lead a team of Cybersecurity Engineers and be responsible for penetration tests that evaluate security by safely trying to exploit vulnerabilities that may exist in OS, services, application flaws, improper configurations or risky end-user behaviour.
Perform vulnerability watch on Alstom's solutions and projects and alert the responsible teams to existing or new vulnerabilities that could potentially impact them.
Monitor published vulnerabilities and security advisories globally and provide communications on discovered vulnerabilities or security threats to internal groups.
Identify required Cybersecurity tools and practices. Provide documentation and training/guidance to the users of the tools and secure the deployment.
Provide internal training on Cybersecurity, the vulnerability management process and tools.


Qualifications & Skills:

Prior experience in vulnerability assessment, vulnerability management and application security, or demonstrated security experience in either a forensic or an offensive-security-focused role. Minimum 8 years of experience in performing vulnerability scans, pen tests/vulnerability assessments and vulnerability management, desirably from a product development or industrial control system background. Experience in the Railway Cybersecurity domain is preferable.


EDUCATION

Bachelor's or Master's in Computer Science, Information Technology or equivalent.
ISA 62443 certification and/or ECSA and OSCP certifications preferred.
Desirable to have a Cybersecurity certification in any one or a few of GICSP, CISSP, GSEC, CEH, CISM, and CompTIA PenTest+.


BEHAVIORAL COMPETENCIES:

Have prior team management experience as well as being a strong individual player.
Be innovative and be aligned to new technologies, methods and tools.
Demonstrate excellent communication skills and be able to guide, influence and convince others in a matrix organization.
Prior experience in working with European customers is desirable.


TECHNICAL COMPETENCIES & EXPERIENCE

Good experience with, and the ability to work independently on, at least a few security tools (Qualys, Kali Linux, Nessus, Netsparker, OpenVAS, Nexpose, Wireshark, Metasploit, IBM AppScan, HP WebInspect, NTO Spider, Burp, SQLmap, nmap, fuzzers, password recovery tools and other penetration testing tools).
Strong experience in performing penetration tests and/or vulnerability assessments on products, web applications and networks.
Prior knowledge of security assessment on SCADA and IoT devices.
Understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming / scripting languages (C, Java, Python, Shell).
Excellent knowledge of configuration review of Linux, Windows and network devices with respect to CIS Benchmarks.
Experience with static analysis tools and software composition analysis tools
Knowledge of Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE) and Common Weakness Enumeration (CWE)
Considerable knowledge of programming languages (e.g. Java, C, C++, C#.NET, scripting languages)
Knowledge of some security solutions and areas, such as: BRP / DRP, GRC, IAM, DLP, PKI, SOC, IDS / IPS, SAP, security, etc.
A strong understanding of technologies and associated protocols such as HTTPS, TLS, DNS, SSL etc.
Knowledge of the main standards and regulations, such as ISO 2700X, ISA 62443 and NIST.
Experience presenting to or training technical audiences is a plus.
Technical writing experience is a plus.


EXPERIENCE / SKILL SET

Manual Penetration Testing and Application Security Testing skills
Platform - Kali Linux, Windows, CentOS, Red Hat
Discovery: Netdiscover, nmap, masscan
Services: Nmap, masscan
Enumeration: enum4linux, smbclient
Application Layer Testing: DirBuster, Nikto
Exploitation: Hydra, Metasploit, SQLMap
Vulnerability scan, Web App scan, Policy compliance scan: Qualys, Tenable
Web Scanners: Qualys, Netsparker, Acunetix, Burp Suite Pro
Network Scanners: Qualys, Nessus


Language Skills: Proficient in the English language
IT Skills: MS Office tools (Word, Excel, PowerPoint), Visio.
Experience
Min 8 to 11 Years.
