Lead Consultant – PenTest

Job Description:

  • The role of the PenTest Lead is to lead the penetration testing team as it delivers managed security services to customers through a broad suite of PenTest activities, to work with other Centelon operations teams to ensure Centelon policies are followed, to constantly work on improving the security of Centelon and its customers, and to coordinate the investigation and reporting of identified vulnerabilities.
  • The PenTest Lead will also have leadership, management, and accountability responsibilities for PenTest engineers and analysts. The major focus will be on Cloud Security, Red Teaming, and Application Penetration Testing, followed by Network Penetration Testing and Mobile Security assessments.

ROLES AND RESPONSIBILITIES:

o   The work involves Test Case Creation, Penetration Testing, Source Code Reviews, and Report Creation and presentation to stakeholders, along with the operation and construction of tools to assist in these tasks.

o   Well versed in the OWASP Top Ten and WASC Threat Classifications

o   Expertise in Vulnerability Assessment and Penetration Testing of Web Applications

o   Business-logic-based application testing.

o   Penetration testing of Mobile applications and websites.

o   Exploitation of the issues found and presentation of the resulting impact.

o   Source Code Reviews – Well versed in Java Secure Code Review.

o   Well versed in OWASP Code Review concepts and identifiers

o   Familiar with popular tools: Application Proxies (Burp Suite, Paros, OWASP ZAP, Wireshark); Vulnerability Scanners (IBM AppScan, HP WebInspect, Nessus, NTO Spider); Exploit Toolkits (Metasploit, Exploit DB, etc.)

o   Understanding of the nature and sources of security vulnerabilities, and how to identify and exploit them.

o   Sound knowledge of the TCP/IP protocol stack, the HTTP protocol, encoding standards, encryption technologies, and development frameworks.

o   As a lead, responsible for overseeing all activities within the team, and for tracking and structuring its various tasks.

o   Coach team members technically and develop the team.

o   Handle projects efficiently, on time and to a high standard of quality, with attention to detail.

Required Skills/Experience:

o   Application Security Testing/Penetration Testing (Web-based, Thick client, web services, Mobile)

o   Network Security Testing/Penetration Testing (Network, OS, Databases, etc.)

o   Static Code Analysis/Secure Code Review.

o   Cloud Security Testing: Assess the security posture of cloud infrastructure, platforms, and services (IaaS, PaaS, SaaS).

o   Evaluate cloud configuration settings for adherence to security best practices.

o   Identify potential misconfigurations, access control issues, and data leakage risks.

o   Cloud Security – AWS, Azure, GCP, or Oracle. (Knowledge of at least one or two of these cloud platforms is required.)

o   Cloud Application Pentest / Cloud Network Pentest

o   Cloud Security Architecture Review for Infrastructure and Application

o   Cloud Security Configuration Review

o   Network Security Architecture Review, Red Teaming

o   Reporting and Documentation for Security.

Recommended Skills/Good to Have:

o   Experience supervising technical resources and interacting directly with customers.

o   Any one of the OSCP, CISSP, or GPEN certifications.

o   VAPT, Web Application Security, Mobile Application Security, Network Security, API Testing.

o   Cloud Security (AWS, Azure, GCP, Oracle): Cloud Application Pentest, Network Pentest, Architecture Review for Infrastructure and Application, Cloud Security Configuration Review, Network Security Architecture Review, and Red Teaming.