Associate Security Consultant (CEH/OSCP/CREST)

Associate Security Consultant (CEH/OSCP/CREST) Pentester

September 6, 2024 — by admin

Job Category: Penetration Tester
Job Type: Full Time
Job Location: Pune

We are looking for an experienced Associate Security Consultant with expertise in vulnerability assessments (VA) and penetration testing (PT) for web, mobile, and network applications. This role requires knowledge of industry security standards like OWASP Top 10, SANS 25, and CIS benchmarks to identify and resolve security vulnerabilities.

In this role, you will conduct automated and manual VA/PT on internal and external networks using advanced tools like Nessus, Kali Linux, and other open-source solutions. You will perform black-box, grey-box, and white-box testing methodologies to detect vulnerabilities and mitigate potential risks. Additionally, you’ll conduct device configuration reviews and ensure adherence to security policies by analyzing and hardening operating systems, network devices, databases, and web servers.

You’ll collaborate with senior management and incident response teams, providing detailed security assessments, gap analyses, and actionable audit reports. You will also be responsible for researching the latest vulnerabilities and exploits, ensuring the organization stays ahead of emerging security threats.

The ideal candidate should hold certifications such as OSCP, CEH, or CREST, and have hands-on experience with network-based vulnerability scans. Knowledge of handling false positives and strong communication skills to explain security issues to both technical and non-technical stakeholders are essential.

If you are passionate about cyber security, have a deep understanding of web-based attacks and mitigation strategies, and thrive in a fast-paced environment, we encourage you to apply.

Key Responsibilities

  1. Perform web application VA/PT based on OWASP Top 10 and other security standards to identify vulnerabilities and articulate security issues to technical and non-technical audiences.
  2. Perform network VA/PT based on security standards to identify vulnerabilities and articulate security issues to technical and non-technical audiences.
  3. Perform mobile VA/PT based on OWASP Top 10 and other security standards to identify vulnerabilities and articulate security issues to technical and non-technical audiences.
  4. Perform device configuration reviews to identify misconfigurations and articulate security issues to technical and non-technical audiences.
  5. Perform automated and manual vulnerability assessment and penetration testing of web, mobile and network targets as per standards, using both commercial and open-source tools.
  6. Perform penetration testing across internal and external networks and applications using black-box, grey-box, and white-box testing methodologies.
  7. Provide operational analysis of vulnerabilities and threats to information systems.
  8. Identify, analyze, and prioritize discovered security exposures and follow up with IT staff to remediate findings and confirm compliance to security standards.
  9. Analyze and suggest configurations & hardening settings of different Operating Systems, Network Devices, Databases and Web Servers as required.
  10. Work with the central vulnerability management tools team to resolve or fulfil any issues or requirements regarding the centrally provided vulnerability assessment infrastructure.
  11. Interact with Senior Management, Incident Response and Risk Management teams to provide security assessments, security gap-analysis, audit reports and recommendations.
  12. Develop, document, and implement data security procedures that enforce information security standards.
  13. Perform other security-related duties as requested.
  14. Prepare reports based on internal templates.
  15. Proactively research the latest vulnerabilities and exploits.

Qualifications

  1. Certification: OSCP/CEH/CPSA/CREST CRT/CRTO/CRTE or other.
  2. Qualifications: B.Sc. (CS and IT), BE, BCA, or other equivalent.
  3. Understanding of known security standards such as OWASP Top 10, SANS 25, CIS benchmarks and others.
  4. Understanding of and experience with performing network-based vulnerability scans using manual methods and automated tools (Nessus, Kali Linux, open-source tools or equivalent).
  5. Experience handling false positives on networks and systems.
  6. In-depth understanding of various types of network and web-based attacks and their mitigation.
  7. Familiarity with well-known vulnerabilities and exploits and their impact on the business.
