This is a full-time on-site role for a Penetration Tester located in Ahmedabad. The Penetration Tester will be responsible for identifying vulnerabilities within our digital infrastructure. By simulating cyber-attacks and assessing our systems, this role plays a fundamental part in highlighting potential security threats and strengthening our defenses.
Qualifications
- 2+ years experience in a Penetration Testing position
- Experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies.
- Infrastructure penetration testing while most of the time focused on assessing cloud environments, both public and private ones.
- Preferred certifications are listed as follows OSWA, OSCP, CPSA, CWAT, Pen Test+, CPENT, GPEN, AWS Security Specialty or similar certifications.
Scope Of Work
- Infrastructure Assessment: The Penetration Tester will analyze a variety of systems within Experian, spanning from external-facing applications to internal networks or cloud environments, ensuring all potential vectors of attack are considered.
- Regular Deliverables: Meeting targets is crucial. Delivering a minimum workload per month is a clear metric of productivity, yet it s vital this doesn t come at the expense of the assessment s depth or quality.
- Strategic Testing: Under the guidance of senior team members, the Penetration Tester will work to determine which systems to test, based on current risk assessments and business needs.
- Standards Adherence: While conducting tests, it s essential to follow industry best practices and our in-house SOPs, ensuring consistent and rigorous assessments.
- Skill Development: Continual learning is encouraged. While proficiency in basic scripting and understanding of various environments is required, there will be opportunities to expand on these skills and learn new techniques.
- Clear Communication: The ability to relay findings, both to the cybersecurity team and potentially to broader stakeholders, is essential. Clear, concise reporting ensures swift action can be taken on any vulnerabilities found.
- Team Collaboration: Being a valuable team player is vital. While the Penetration Tester will work on individual projects, collaboration, sharing insights, and integrating feedback are all crucial aspects of the role.
Roles And Responsibilities
- Deliver above the minimum required workload per month without compromising on the quality of assessment.
- Deliver penetration tests on both business-critical applications and infrastructure to support the organization s information security risk management program.
- Ensure tests are prioritized based on business and compliance requirements, such as compliance due date, requested date and feedback from the application team.
- Guarantee engagements are fully compliant of our standard operating procedures and service level agreement timelines.
- Proficient at scripting and automating exploits in language of choice
- Make consistent efforts to upskill and learn new testing standards.
- Understand and clearly communicate potential vulnerabilities and their associated risk level, remediation steps and/or mitigating controls with business stakeholders.
- Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding and encryption.
- Participate in regular Teach-the-team sessions to share the knowledge with team members.
- Complete assigned training and certification per agreed timeline
- Attend and contribute during engagement s scoping calls.
