Hiring for Application Penetration Testing Analyst Mumbai for Exp. 3 - 6 Years at WTW GLOBAL DELIVER (Job in Mumbai)
Design and execute penetration tests against target applications across a wide variety of products and platforms
Conduct threat modelling activities around new technology applications.
Maintain a register of applications requiring annual penetration tests.
Work with 3rd party providers to scope and schedule penetration tests for applications as part of the software development lifecycle and BAU applications requiring regularly scheduled testing.
Assess penetration test findings and liaise with development teams to remediate identified vulnerabilities.
On a sampling basis, validate and assure the consistency of penetration test findings.
Escalate quality assurance issues to 3rd party penetration testing providers completing tests on WTW's behalf.
Articulate penetration test findings in both technical and non-technical language, depending on the audience (both technical and business stakeholders), allowing them to make informed, risk-based decisions on how vulnerabilities should be addressed.
Track identified vulnerabilities through to remediation, mitigation or risk acceptance.
Qualified to degree level, preferably in IT or security related subject.
Be interested in developing skills and knowledge in information security, and willing to work towards appropriate professional qualifications.
OSCP, GWAPT certification would be an added advantage
Strong understanding of enterprise-wide technologies including database, operating system, web application, middleware, etc.
Knowledge of applied cryptographic protocols
Experience with security assessment tools, including Metasploit, Burp Suite Pro.
Proven ability to work in global collaborative group environment
Experience working with a high degree of autonomy, managing own workload and delivering to tight timescales
Strong communication skills, both oral and written
A solid foundational understanding of TCP/IP.
Team player with good interpersonal skills
Organised and methodical
Willingness to challenge and a desire to learn
Ability to communicate technical concepts to nontechnical disciplines
Good communication skills, both orally and in writing
Ability to communicate and collaborate effectively with other team members in a geographic and culturally diverse workforce
Knowledge in application development, DevOps
Thorough understanding of network protocols, data on the wire, reverse engineering, covert channels, data obfuscators, ciphers and shell scripting
Knowledge of systems and application security vulnerabilities
Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, HTTP/HTTPS, REST, Cookies)
Expert-level experience and very detailed technical knowledge in at least three of the following areas: general information security, security engineering, application architecture, authentication and security protocols, application session management, applied cryptography, common communication protocols, mobile frameworks, single sign-on technologies, exploit automation platforms, RESTful web services.