Associate Consultant - Vulnerability Assessments Job

• The team members shall prepare the assessment plans, test cases, and test scenarios to perform the penetration testing. Experience in web application, infrastructure and network Vulnerability Assessment & Penetration Testing.
• Experience in Vulnerability Assessment and Penetration testing using industry standard tools such as Vulnerability Scanners for e.g.: Qualys, Nessus, Nexpose, Acunetix, Metasploit, Burp Suite Pro, Netsparker etc.
• Experience in using security frameworks such as Metasploit, Kali Linux, OSSTM etc.
• Experience and knowledge of Penetration testing of servers, and any assets (OS, infra & network).
• Experience and knowledge of Web Application Security standards such as OWASP/SANS etc.
• The Security Test Engineer should have the ability to stay organized and possess excellent communication skills.
• Experienced in preparing and presenting detailed penetration testing report.
• The security test engineer will be part of the audit team that shall conduct security audits for the clients to identify the gaps in terms of web security.

• Conducting vulnerability scans and recognizing vulnerabilities in security systems assessing the robustness of security systems and designs
• Network analysis tools to identify vulnerabilities.
• Maintain awareness of vulnerability information, complexity to exploit, and exploit availability or feasibility to create an exploit.
• Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to a level acceptable.
• Creation of vulnerability metric and remediation-related dashboards and reports.
• Understands and advises on enterprise policies and technical standards with specific regard to vulnerability assessment and penetration testing.
• Liaise with stakeholders to understand, prioritize, and coordinate vulnerability remediation activities.
• Maintain awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis).
• Ability to fully understand business requirements and work with business partners to define appropriate solutions, meeting both security mandates and business needs.
• Engage cross-divisional teams and oversee the implementation of security recommendations by leveraging appropriate communication methods, tracking remediation of identified risks, mitigation strategies, plan activities and dependencies.

• Cybersecurity principles
• Security source code review vulnerabilities
• Cyber threats and vulnerabilities
• System and application security threats and vulnerabilities
• General attack stages (e.g.: foot printing and scanning, enumeration, gaining access)
• Escalation or privileges, maintaining access, network exploitation, covering tracks)
• Ethical hacking principles and techniques; penetration testing principles, tools, and techniques.
• Use of penetration testing tools and techniques and social engineering techniques
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Must be adaptable to changes in the work environment, comfortable with multiple competing demands and able to deal with frequent change, delays or unexpected events in a calm and logical manner.

• Bachelor's degree or equivalent practical experience.
• 8 years of relevant work experience within areas of penetration testing
• Previous experience with systems administration and/or programming.
• Mandatory certifications:Offensive Security Certified Professional (OSCP)

• Flexible work arrangements, Free spirit, and emotional positivity
• Agile self-determination, trust, transparency, and open collaboration
• All Support needed for the realization of business goals,
• Stable employment with a great atmosphere and ethical corporate culture

YASH Technologies