AddressRole: Analyst-VAPT (Vulnerability Management and Pentration Testing)-Cybersecurity Job Location: Greater Noida Required Skills: ? Hands on experience in Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). ? Demonstrated experience with a variety of vulnerability scanning, assessment, and management technologies (e.g.
Nessus, Tenable, Qualys, etc.) ? Should have experience on Tenable OT Security ? identify assets in your OT environment, communicate risk, prioritize action and enable your IT and OT security teams to enhance the security. ?
Plan the penetration test. ? Proficient in Web application penetration testing including APIs ? Skilled in manual testing and using Burp Suite Pro, WebInspect, Acunetix, Postman ?
Expertise in setting up DAST tools, scan configuration, troubleshooting. ? Very good knowledge on OWASP security standards. Deep understanding of common security vulnerabilities.
? Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams, previous results, threat model and source code scanning inputs. ? Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan.
? Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing. ? Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities.
? Knowledge of Static Application Security Testing (SAST) integration into the build process ? Should be capable of understanding customer requirement for security testing. ?
Capable of providing security solutions to the customer for complex security testing/risk requirement. ? Good presentation skills, Strong communication and good customer handling skill. ?
Should be capable of handling escalations." ? Tools : GitLab, SonarQube, Burpsuite, Postman, Acunetix, Kali Linux, Wireshark, Tenable One, Tenable.ot, Tenable.io, Python, Bash. ? Certifications : Certifications such as OSCP, CEH.CHFI would be an added advantage including the OEM(Tenable) specific.
Qualifications: ? BE / B Tech / MCA or equivalent Experience: 7-12 years
