
JobNob

Your Career. Our Passion.

Senior Penetration Tester - VAPT


Creencia esearch


Location

Udupi | India


Job description

Must have: VAPT testing expert, 4.5 - 8 years

Description:

We are seeking a highly motivated, skilled, and experienced VAPT testing expert to join our growing team. As a penetration tester, you will be responsible for designing, implementing, and maintaining our organization's security infrastructure. You will also be responsible for conducting vulnerability assessments and penetration testing to identify, exploit, and remediate security vulnerabilities in web applications, mobile applications, APIs, networks, and infrastructure.

Key Responsibilities:

- Experience in web application security assessments, with hands-on techniques for identifying SQL injection, XSS, CSRF, authentication issues, and the OWASP Top 10.
- Good knowledge of security technologies for secure software development, such as cryptography, authentication techniques and protocols, etc.
- Experience with both commercial and open source tools (BurpSuite, AppScan, SQLMAP, OWASP Zap, WebInspect, Appspider, NMAP, and W3AF).
- Proven experience in identifying and exploiting business logic and framework-related vulnerabilities.
- Conduct authorized penetration tests on our organization's systems and applications to identify and remediate security vulnerabilities.
- Simulate real-world attacks to identify weaknesses in our organization's security defenses.
- Automate penetration and other security testing on networks, systems, and applications.
- Have vast experience in removing false positives and analyzing dynamic scans and reports.
- Knowledge of secure SDLC and security standards like NIST, OWASP, CWE, and OSSTMM.
- Provide expert advice and recommendations to the application development team.

Technical Experience:

- Experience in performing penetration testing on enterprise networks, web applications, APIs, and mobile applications.
- Expertise with common web vulnerabilities, including XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-Side Request Forgery, Remote Execution Flaws, Server-Side Configuration Flaws, DDoS attacks, brute force attacks, and authentication flaws.
- Experience in performing reverse engineering for APIs and mobile applications.
- Strong understanding of cybersecurity principles, practices, and methodologies, including network security, application security, and incident response.
- Experience in developing actionable intelligence based on open-source intelligence (OSINT) gathering.
- Experience with one or more scripting languages such as Python, Bash, Perl, PowerShell, Java.
- Experience with both commercial and open source tools such as Kali Linux, Metasploit, BurpSuite, AppScan, OWASP Zap, Appspider, WebInspect, sqlmap, nmap, and others.

Additional Preferred Qualifications:

- Certified in one of the industry-recognized penetration testing skills (OSCP, LPT, CompTIA PenTest+, GPEN, GXPN).
- Experience with cloud security and security automation tools.
- Certifications in cybersecurity, such as Certified Ethical Hacker (CEH) or Certified Information Systems Security Professional (CISSP).

(ref:hirist.tech)

