Test Analyst / Senior Test Analyst - Penetration Testing OWASP, Burp Suite

Company Description

NEC Software Solutions (India) Private Limited!  is based in Mumbai (Worli & Airoli) and Bangalore with an employee strength of 1300+. It is one of the foremost providers of end- to-end IT services across various sectors. We work with diverse industry verticals which include publishing media financial services retail healthcare and technology companies around the world. Our customers range from two-person startups to $bn listed companies.

We have more than 30 years of experience in providing end to end IT services across the globe and have earned a reputation for delighting our customers by consistently surpassing expectations and helping them deliver robust market-ready software products that meet the highest standards of engineering and user experience. Supported by more than 1300 exceptionally talented manpower we are a hub for offshore support and technology services.

Job Description

Exp 2 - 5 Yrs

Job Description

We are seeking a talented and motivated Application Penetration Tester to join our growing security team. In this role

you will be responsible for identifying and exploiting vulnerabilities in web applications APIs and mobile applications.

You will work closely with developers and security engineers to remediate vulnerabilities and improve the overall security posture of our applications.

Communication and collaboration are paramount to this role the application penetration tester will be working closely with internal stakeholders on a continuous basis

providing application security testing and secure application design and implementation guidance.

The successful candidate will be able to demonstrate recent experience undertaking comprehensive application penetration testing using manual and automated testing techniques.

The successful candidate will join the central architecture and design team that comprises enterprise security and technical architecture disciplines as well as including the application penetration testing team.

Responsibilities will include:

· Plan and execute penetration testing engagements for web applications APIs mobile applications thick clients infrastructure and cloud penetration testing.

· Identify and exploit vulnerabilities in applications using manual and automated testing techniques.

· Document findings in detail including proof-of-concept exploits and recommendations for remediation and report writing skills.

· Collaborate with development and security teams to remediate vulnerabilities and improve application security.

· Stay up-to-date on the latest hacking techniques vulnerabilities and security tools.

· Participate in security code reviews and provide guidance on secure coding practices.

· May assist with developing and maintaining internal security tools and processes.

Experience

Essential

● Experience using a formal application penetration testing methodology such as Open-Source Security Testing Methodology Manual (OSSTMM) or Penetration Testing Execution Standard (PTES).

● Experience using Kali Linux including bundled penetration testing tools (Nmap Wireshark OWASP ZAP Sqlmap Metasploit).

● Experience using Burp Suite for application penetration testing.

● Knowledge of scripting and programming languages (e.g. Python Ruby Bash Powershell) for custom tool development and automation.

● Familiarity with various operating systems and network structures including client/server Unix/Linux systems Mac OS X VMware/Xen Virtual Box and cloud technologies such as AWS Azure or Google Cloud and Active Directory.

● Understanding of common application issues and remediation techniques OWASP Top 10.

● Understanding of secure development practices within a secure software development lifecycle experience of Waterfall Agile and DevOps / DevSecOps practices.

● Hold at least one recognised application penetration testing certification e.g. Certified Ethical Hacker (CEH) Offensive Security Certified Professional (OSCP) GIAC Penetration Tester (GPEN) GIAC Web Application Penetration Tester (GWAPT) CompTIA PenTest+.

● Can produce high quality documentation including test reports and best practice guidance.

● Good Interpersonal written and verbal communication skills.

Desirable

· Working knowledge of threat modelling methodologies to conduct threat-modelling against new applications and services.

● Familiarity with compliance & security standards across the enterprise IT landscape such as ISO 27001 and NCSC Cyber Essentials as well industry security requirements such as NIST and CIS.