Netsentries is seeking experienced Penetration Tester candidates to support various client projects in India and UAE. The successful candidate will report directly to the Security Assessment Practice Lead and will perform internal/external network-based and web application-based security vulnerability assessments and penetration tests based upon General Security Controls, Payment Card Industry (PCI) ASV, ISO 27000 and NESA standards. This person will also perform penetration tests in accordance with industry-accepted methods and protocols. Projects may include:
- Performing network-based security assessments
- Performing security assessments on Internet-facing applications
- Performing security assessments on software applications
- Performing penetration tests across public networks
- Performing penetration tests across internal networks
- Performing assessments of wireless networks
- Performing assessments of physical security using social engineering
- Working as a team member on multiple engagements to perform technical software and environment testing
- Performing security consultation projects to assist clients in implementing security controls
- Consulting with clients on the approach to and proper implementation of technical security controls
- Developing testing scripts and procedures
- Other security-related projects that may be assigned according to skills
Conducts penetration tests and vulnerability assessments against client infrastructure following a standard testing methodology using automated tools, ad-hoc tools, and manual testing.
Compile executive and technical reports and make recommendations on findings in a responsive fashion.
Conducts external and internal segmentation testing against client infrastructure.
Work on developing an internal framework for Penetration Testing with strong reporting capabilities by customising Kali Linux and other open source penetration testing tools.
Develop methodology documents and pre-engagement questionnaires for Penetration Testing and Vulnerability Assessment projects.
Thoroughly document exploit chain/proof of concept scenarios for client consumption.
Strong technical knowledge in performing manual/automated network security assessments using open-source and commercial security tools on various operating systems, applications, network and security infrastructure devices.
Excellent up-to-date technical and hands-on knowledge, experience in current attack methods, penetration testing methods, and hacking tools; especially for web applications, required.
Motivated with a desire to learn and to share knowledge.
Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25.
Hands-on experience in Kali Linux, Metasploit, Nexpose, Nmap, Burp, Paros, Nessus, Appscan, Core Impact and other relevant tools.
Programming experience in Python, PHP, Perl, Ruby, .NET or other interpreted or compiled languages.
CEH/ECSA/OSCP or other security certifications are desirable.
Experience with reverse engineering, exploit development, mobile, and industrial control systems is a plus.
Excellent communication skills (written & verbal) in English; must be able to present complex technical topics in a clear and structured way and to moderate discussions, meetings, and projects. Able to assume the role of a trusted subject matter expert.
Ability to work methodically, independently, and prioritize work
Flexibility and adaptability to work in a growing, dynamic, international team with a strong customer-oriented attitude
Willingness to travel, up to 20% (domestic/international)