Position: Application Penetration Testing Analyst
Business Unit: Technology
Job Family: Business Support
Location: Mumbai Vikhroli
Reporting to: Information Security Manager
Job Level: Senior Officer / Assistant Manager
Look for candidates with 3-8 years' experience
Prior experience in coding is a must
As per my latest discussion with counterparts, candidates are majorly lacking in coding skills, and since they are the guard against hacking it would not make sense to hire a resource who does not bring the relevant skillsets. Hence the profiles in the pipeline are rejected during the resume screening exercise
Ideal candidate would be someone who has done web API testing, mobile testing, app testing, etc.
Job Location Vikhroli
Shifts - UK rotational
No gaps in education: 10, 12, Grad
All experience and relieving documents in place
Application Penetration Testing
Design and execute penetration tests against target applications across a wide variety of products and platforms.
Conduct threat modelling activities around new technology applications.
Maintain a register of applications requiring annual penetration tests.
Work with 3rd party providers to scope and schedule penetration tests for applications as part of the software development lifecycle and BAU applications requiring regularly scheduled testing.
Assess penetration test findings and liaise with development teams to remediate identified vulnerabilities.
On a sampling basis, validate and assure the consistency of penetration test findings.
Escalate quality assurance issues to 3rd party penetration testing providers completing tests on WTW's behalf.
Articulate penetration test findings in both technical and non-technical language dependent on the audience (both technical and business stakeholders), allowing them to make informed risk-based decisions on how vulnerabilities should be addressed.
Track identified vulnerabilities through to remediation, mitigation or risk acceptance.
Communications and Relationships
With the IT Security Directors and Security Team; Information Security Programme Manager, Project Managers, Risk & Compliance, and IT.
With external development teams at suppliers and vendors.
Global Business Knowledge
Integrity and Trust
Qualified to degree level, preferably in IT or security related subject.
Be interested in developing skills and knowledge in information security, and willing to work towards appropriate professional qualifications.
OSCP, GWAPT certification would be an added advantage
ASP.NET, AJAX, JSON, Objective-C, Perl, Python, Ruby, Bash.
Strong understanding about enterprise wide technologies including database, operating system, web application, middleware, etc.
Knowledge of applied cryptographic protocols
Experience with security assessment tools, including Metasploit, Burp Suite Pro.
Proven ability to work in global collaborative group environment
Experience working with a high degree of autonomy, managing own workload and delivering to tight timescales
Strong communication skills, both oral and written
A solid foundational understanding of TCP/IP.
Team player with good interpersonal skills
Organised and methodical
Willing to challenge and desire to learn
Ability to communicate technical concepts to nontechnical disciplines
Good communication skills, both orally and in writing
Ability to communicate and collaborate effectively with other team members in a geographic and culturally diverse workforce
Knowledge in application development, DevOps
Thorough understanding of network protocols, data on the wire, reverse engineering, covert channels, data obfuscators, ciphers and shell scripting
Knowledge of systems and application security vulnerabilities
Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, HTTP/HTTPS, REST, Cookies)
Expert-level experience and very detailed technical knowledge in at least three of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services.
Application development experience of around 3 years
IT security, service delivery, systems development or similar experience
Experience of managing own workload and delivering to tight timescales.
Other e.g. location / business specific Inc. language skills etc.
Fluent Business English essential.
Other languages are an advantage.
This role will be based in a geographic location appropriate to the needs of the business, and appropriate local language skills may be required.
Some travel between offices may be required, including international travel.
Having forged a strong network of corporate relations, with our ability to serve them for HR... requirements and training Programmes with our Expertise acquired through years, Finish assignments before deadlines, along with being accurate to the requirements, has made us a force in reckoning.