Sr. Penetration Testing engineer
Sony India Software Centre View all jobs
- Bangalore, Karnataka
- Permanent
- Full-time
- Maintain a good relationship with key stakeholders, including business, other Application & ISO teams to deliver on security requirements timely and effectively.
- Operate a hands-on role involving penetration testing and vulnerability assessment activities of all types of applications, networks, Web services/APIs and mobile applications/devices.
- Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk.
- Produce actionable, threat-based, reports on security testing results.
- Stay abreast of newer trends in tools and technologies used for web application security.
- Excellent English language communication skills, both verbal and written. Cross-cultural etiquettes, customer-centric and collaborative mindset.
- Works autonomously within established procedures and practices.
- Good command on stakeholder management, judgement, conflict resolution, risk & mitigations.
- Provide leadership to the global team at strategic, tactical, and operational level
- Experience in the range of 6 to 8 years.
- Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network, Cloud & blockchain.
- Experience in both commercial and open source tools like: Burp Professional, Nmap, Kali, Metasploit, etc.
- Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
- Experience in preparing a security threat model and associated test plans.
- Experience in translating the complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results.
- Knowledge of current information security threats
- Good understanding of coding best practices and standards.
- In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred.
- Excellent communication skills both written and verbal.
- Critical thinking and good problem solving abilities.
- Organized in planning and time management skills are preferred.
- Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable.