Cyber Security - Penetration testing
GSS HR Sri Lanka
Sri Lanka -
Full-time
The opportunity
We’re looking for a Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering.
Your key responsibilities
- Perform penetration testing, including internet, intranet, web application, wireless, social engineering and physical penetration testing.
- Execute penetration testing projects using the established methodology, tools and rules of engagement.
- Execute red team assessments to highlight gaps impacting organizations' security postures.
- Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
- Perform in-depth analysis of penetration testing results and create reports that describe findings, exploitation procedures, risks and recommendations.
- Convey complex technical security concepts to technical and non-technical audiences including executives.
- Strong knowledge of the OWASP Top 10 (web) and the ability to effectively communicate methodologies and techniques to development teams.
- Understanding and experience with Active Directory attacks.
- Understanding of TCP/IP network protocols.
- Develop automated solutions that mitigate risks throughout the organization.
- Ability to automate DAST/SAST solutions and reporting
- Support SDLC and agile environments with application security testing and source code reviews.
- Provide technical leadership and advice to junior team members on attack and penetration test engagements.
Skills and attributes for success
- Understanding of web-based application vulnerabilities (OWASP Top 10).
- Good understanding of enterprise security controls in Active Directory / Windows environments
- Understanding of TCP/IP network protocols.
- Understanding of network security and popular attack vectors.
- Ability to communicate detailed technical information to a non-technical audience clearly
- Experience with Operational Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing
- Strong understanding of security principles, policies, and industry best practices
- Demonstrable flair for technical writing, including engagement reports, presentations and operating procedures
To qualify for the role, you must have
- BE/ B.Tech/ MCA or equivalent
- Senior category (with more than 4 years of experience in Penetration Testing), and Staff category (with more than 1.5 years of experience in Penetration Testing).
- One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX
- Knowledge of Windows, Linux, UNIX and other major operating systems.
- 4-9 years of work experience in Strategy and Operations projects
- Strong Excel and PowerPoint skills.
Ideally, you’ll also have
- Project management skills
- Certifications: CISSP, GPEN, GWAPT.
What we look for
Someone who can perform penetration testing, including internet, intranet, wireless, web application, social engineering and physical penetration testing, and provide analysis of the testing results.