This post is over 30 days old. The position may no longer be available

Cybersecurity Analyst (In-depth Pen Tester)

Techparadigm IT Security LLP, Bangalore · techparadigm.net · Full-time employment · Testing/Quality Assurance

Techparadigm IT Security LLP is looking for a Bug Bounty Hunter who will be responsible for security assessments and penetration testing of application and enterprise environments, as well as security research and the development of security tools, processes, and testing methodologies.

Job Description:

• Strong knowledge of the OWASP, SANS Top 25, and WASC security standards, and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, direct object reference, clickjacking, buffer overflows, etc.
• Experience in performing application security testing using manual techniques and automated tools along with runtime vulnerability testing tools.
• Experience in static and dynamic secure code review.
• Experience in manual application penetration testing of thick client applications, mobile applications, web services, APIs, etc.
• Thorough understanding of common web technologies like .NET, PHP, Java, XML, SAML, SOA, SOAP, web services, etc., and protocols including HTTP(S), DNS, FTP, SSH, etc.
• Experience performing manual mobile application penetration testing on platforms like Android, iOS, etc.
• Should have knowledge of risk rating standards like DREAD, CVSS, etc.
• Experience in VA/PT of networks, servers, devices, etc.
• Good understanding of web application architecture and the secure development life cycle (SDLC).
• Experience in threat modeling and risk analysis.
• Understanding of software development methodologies such as waterfall, Rational Unified Process, and Agile software development.
• Experience in automated web application vulnerability scanners (e.g., AppScan, WebInspect, Acunetix, Burp Suite Pro, etc.) is desirable.
• Should be ready to travel within and outside the country.
• Perform web, thick-client, mobile application security assessments (using manual and automated penetration testing methods) and code reviews, with report preparation.
• Preparing audit reports and findings tracker sheets for each application in the provided template.
• Conduct penetration testing for thin and thick client based applications.
• Conduct secure code review, network penetration testing, or mobile application assessment.
• Should be able to deal with multiple platforms like Windows and Linux, and technologies like Java and .NET.
• Conduct penetration testing and consult with the product development team to secure financial and telecom applications.
• Communicate with customer teams to explain and demonstrate vulnerabilities to application/system owners, and assist with the mitigation of the identified vulnerabilities.
• Researching the latest security best practices, staying abreast of new threats and vulnerabilities and helping to disseminate this information to the group as well as the organization.
• Conceive of and implement technical and process improvements.
• Maintaining the quality of audits and audit reports.
• Experience in conducting training sessions on information security awareness.
• Enhancing the technical skill sets of the team members.
• ICS/SCADA experience is a plus.


Skills required/Expertise:

• Proficient in written and oral English communication skills.
• Expertise in web application security testing.
• Expertise in mobile application security testing.
• Strong organizational, teamwork, multi-tasking and time-management skills.
• Lead at least a team of two to three consultants.
• Manage a team during project execution as needed for the smooth execution of the project.
• Experience in the banking and healthcare domains will be an added advantage.

[ Should be able to think "out of the box" and possess the ability to implement new attack approaches/vectors. ]

Good to have:

• Certifications: CEH, OSCP (Mandatory), CISA, CISSP.
• Bug Bounty track, participation & awards.

Please share your current CTC and location (city) in a message.

[ Note: Immediate joiners preferred (5-10 days). ]


It is NOT OK for recruiters, HR consultants, and other intermediaries to contact this employer