Penetration Testing Consultant

Cybersec IT Consulting
Al Khobar
SAR 60,000 - 100,000
3 days ago
Job description

CYBERSEC CONSULTING is a professional Cyber Security and Consulting services company headquartered in the UAE, covering the India, Middle East, Africa and Levant markets. We are a global provider of Cyber Security Professional Services, Remote Support, Certified Trainings, Outsourcing, Assessment and Consulting Services, as well as solutions for Security Operations Center (SOC) and Managed Security Services (MSS). We focus on end-to-end Cyber Security services, with professional Consultants specialized in their respective security domains and experienced in handling medium to sophisticated service and consulting delivery engagements.

The Role

You will be responsible for:

  • Conducting penetration testing, simulating an attack on the system to find exploitable weaknesses.
  • Developing and implementing security frameworks, policies, processes/procedures, and guidelines.
  • Maintaining security subject-matter expertise and keeping abreast of best practices & trends.
  • Managing vulnerability assessments.
  • Oversight & resolution of security incidents.
  • Designing, maintaining, and supporting the network infrastructure.
  • Monitoring system performance and ensuring reliability and availability.
  • Recommending infrastructure solutions to meet business requirements in compliance with IT policy & procedures.
  • Providing Level 2 support and troubleshooting as required.

Ideal Profile

  • You possess a Degree/Diploma in Computer Science, Engineering, or a related field.
  • Experience in the range of 2-3 years.
  • Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, and Network.
  • Experience with Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
  • Work closely with application, network, and infrastructure teams when performing tests against new or existing systems.
  • Use manual techniques to exploit identified vulnerabilities like cross-site scripting, SQL injections, session hijacking, and buffer overflows to obtain controlled access to target systems.
  • Validate vulnerability assessment results where appropriate, prioritize remediation requirements, and work with network, infrastructure, and desktop teams to address security problems.
  • Perform exploit analysis for identified vulnerabilities manually, with custom scripts, or using tools such as Metasploit.
  • Work closely with application development teams, technology teams, and other members of the Information Security team to identify and remediate security issues as part of Incident Response.
  • Be a part of the SDLC process for testing of new application systems/infrastructure.
  • Participate in multiple organizational areas such as security architecture and design, service delivery, training, and client communication.
  • Configure and educate on the use of vulnerability assessment scanners (e.g., Qualys, Nessus, Nmap, Metasploit, Snort, Nexpose).
  • Create, maintain, and report metrics that measure the effectiveness of various security controls.
  • Document areas of significant exposure to information systems and recommend solutions.
  • Develop and maintain a formal reporting process highlighting results, conclusions, and recommendations which can be viewed by peers and senior management.
  • The ability to articulate risks and findings to management.
  • Experience in preparing a security threat model and associated test plans.
  • Experience in translating complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results.
  • Knowledge of current information security threats and a good understanding of coding best practices and standards.
  • In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred.
  • Excellent communication skills, both written and verbal.
  • Critical thinking and good problem-solving abilities.
  • Organizational, planning, and time management skills are preferred.
  • CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) certification is desirable.