About Xerox Holdings Corporation
For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we've expanded into software and services to sustainably power today's workforce. From the office to industrial environments, our differentiated business solutions and financial services are designed to make every day work better for clients no matter where that work is being done. Today, Xerox scientists and engineers are continuing our legacy of innovation with disruptive technologies in digital transformation, augmented reality, robotic process automation, additive manufacturing, Industrial Internet of Things and cleantech. Learn more at www.xerox.com and explore our commitment to diversity and inclusion.
The Senior Offensive security engineer is responsible for securing Xerox applications and network infrastructure by identifying threats, and vulnerabilities using a combination of automated and manual techniques and collaborating with application teams to prioritize and remediate the vulnerabilities.
Designation: Senior Security Engineer Offensive Security
Qualification: bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field.
Professional Certifications:
Preferred A technical certification such as OSCP, OSWP, GPEN, GWAPT, OSWE, OSEP, OSED, OSEE, GXPN or equivalent is desired.
Timings: 1 PM to 10 PM(IST)
Location: Bangalore, Kochi, Gurgaon, Remote
Primary Responsibilities
- Perform penetration testing on applications/products (Web, Mobile, Thick client applications, Printers) to identify security vulnerabilities
- Automate penetration and other security test activities on networks, system and applications
- Plan and perform red team exercises on a variety of environments including on-premises, cloud infrastructure to simulate threat actors TTP
- Validate vulnerabilities submitted by external researchers and identified in external pentests
- Continuous research on new attack vectors/techniques impacting enterprise applications/networks
- Work with cross-functional teams to align and prioritize remediation efforts
- Develop scripts, tools, or methodologies to enhance offensive security capabilities.
Knowledge And Skills Required
- 8+ years of offensive security responsibilities
- Expertise in performing penetration testing on web, mobile, IoT and client server applications
- Strong understanding of common vulnerabilities, attack vectors and corresponding mitigation techniques
- Prior experience participating in red team exercises
- Experience performing manual code reviews
- Strong manual penetration testing and exploit development experience
- Prior software development experience is a plus
- Knowledge of applicable industry standards, leading security practices and regulatory requirements
- Strong exposure to popular application security standards including OWASP TOP 10, SANS TOP 25 etc.
- Proficiency with at least one of the following programming languages desired: Java, .Net, C#, C, C++
- Strong interpersonal skills as well as excellent written and verbal communication skills
- Uncompromising personal and professional integrity and ethics