Operations (Penetration Tester)
Number of Openings |
2 |
ECMS ID in sourcing stage |
|
Assignment Duration |
6 months |
Total Yrs. of Experience |
Same or more than relevant years of experience given below |
Relevant Yrs. of experience |
At least 9 years of experience |
Detailed JD (Roles and Responsibilities) |
Penetration Tester (Web, API, Network), Red Teaming and Purple Teaming. |
Web Application Penetration Testing: Identifying vulnerabilities in web applications, including common OWASP Top 10 risks. |
API Penetration Testing: Assessing the security of APIs, understanding common API vulnerabilities and authentication mechanisms. |
Network Penetration Testing: Conducting internal and external network assessments, exploiting infrastructure weaknesses. |
Red Teaming: Simulating sophisticated attacks to test organizational defenses and incident response capabilities. |
Purple Teaming: Collaborating with defensive teams to improve security posture through shared insights from simulated attacks. |
Proactively pursue, validate and report any system security loopholes, infringements and vulnerabilities identified. |
Collaborate with application security and information technology personnel to schedule, test and provide findings for penetration testing. |
Tool expertise needed for the above skills includes, but is not limited to: |
Web Application and API PT: BurpSuite, Postman |
Network Pen Test: Metasploit Framework, Nmap, Responder, BloodHound, Hydra / Medusa, John the Ripper / Hashcat, Wireshark / tcpdump, Ettercap, mitmproxy |
Infra VM: Rapid7/Qualys/Nessus |
Red & Purple Teaming Tools: Cobalt Strike, Brute Ratel C4, Empire / Starkiller (PowerShell Empire), PoshC2, Maltego, Shodan, Recon-ng, Social-Engineer Toolkit (SET), Gophish, Payload obfuscators, CrackMapExec |
Mandatory skills |
Pen Testing experience on Web, API and Network. Red Teaming and Purple Teaming |
Desired/ Secondary skills |
Infrastructure Vulnerability management |
Domain |
|
Max Vendor Rate Per Day (currency relevant to work location) |
12000 INR / Day |
Work Location given in ECMS ID |
Offshore |
WFO/WFH/Hybrid WFO |
Hybrid WFO |
BG Check (Before OR After onboarding) |
Before |
Is there any shift work outside standard daylight hours (to avoid confusion post onboarding)? YES/NO |
Morning Shift (05:30 AM to 2:45 PM) / Second shift (02:00 PM to 11:15 PM) |