Penetration Testing Consultant

CYBERSEC CONSULTING is a professional Cyber Security and Consulting services company headquartered in UAE to cover the India, Middle East, Africa and Levant market, is a global provider of the Cyber Security Professional Services, Remote Support, Certified Trainings, Outsourcing, Assessment and Consulting Services, as well as solution to offer the Security Operations Center (SOC) and Managed Security Services (MSS). We are a Cyber Security and Consulting services firm focusing on Cyber Security end-to-end services. We have professional Consultants specialized in the respective security domain, and experience in handling medium to sophisticated service and consulting delivery engagements.

The Role

You Will Be Responsible For

1. Conducting penetration testing, simulating an attack on the system to find exploitable weaknesses.
2. Developing and implementing security framework, policies, processes/procedures and guidelines.
3. Maintaining security subject-matter expertise and keep abreast of best practices & trends.
4. Managing vulnerability assessment.
5. Oversight & resolution of security incidents.
6. Designing, maintaining and supporting the network infrastructure.
7. Monitoring system performance and ensuring reliability and availability.
8. Recommending infrastructure solutions to meet business requirements in compliance with IT policy & procedure.
9. Providing Level 2 support and troubleshooting as and when required.

Ideal Profile

1. You possess a Degree/Diploma in Computer Science, Engineering or related field.
2. Experience in the range 2-3 yrs.
3. Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network.
4. Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
5. Work closely with application, network and infrastructure teams when performing tests against new or existing systems.
6. Use manual techniques to exploit identified vulnerabilities like cross-site scripting, SQL injections, session hijacking and buffer overflows to obtain controlled access to target systems.
7. Validate vulnerability assessment results where appropriate, prioritize the remediation requirements and work with network, infrastructure and desktop teams to address security problems.
8. Perform exploit analysis for identified vulnerabilities manually, with custom scripts or use tools such as Metasploit.
9. Work closely with the application development teams, technology teams and the other members of the Information Security team to identify and remediate security issues as part of Incident Response.
10. Be a part of the SDLC process for testing of new application systems/infrastructure.
11. Participate in multiple organizational areas such as security architecture and design, service delivery, training and client communication.
12. Configure and educate on the use of vulnerability assessment scanners (e.g., Qualys, Nessus, Nmap, Metasploit, Snort, Nexpose, etc).
13. Create, maintain and report metrics that measure effectiveness of various security controls.
14. Document areas of significant exposure to information systems and recommend solutions.
15. Develop and maintain a formal reporting process highlighting results, conclusions, and recommendations which can be viewed by peers and senior management.
16. The ability to articulate risks and findings to management.
17. Experience in preparing a security threat model and associated test plans.
18. Experience in translating the complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results.
19. Knowledge of current information security threats. Good understanding of coding best practices and standards.
20. In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred.
21. Excellent communication skills both written and verbal.
22. Critical thinking and good problem-solving abilities.
23. Organized in planning and time management skills are preferred.
24. Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable.

What's on Offer?