Pen Tester - CERT Team

Offer published on 17 02 2025
Location: Pune, India
Sector: IS&Digital
Contract type: Regular

KEY EXPECTED ACHIEVEMENTS

Key Responsibilities

1. Penetration Testing (Pentest)

  • Conduct "security tests" on applications and systems in compliance with ethical standards and recognized methods.
  • Evaluate vulnerabilities and assess their exploitability within the IT ecosystem.

2. Red Team Operations

  • Actively participate in Red Team missions commissioned by the Group Security Team.
  • Simulate real-world attack scenarios to assess defenses and identify improvement areas.

3. Threat Hunting

  • Detect vulnerabilities across the IT landscape and ensure appropriate ticket creation and resolution.
  • Continuously identify exploitable bugs and proactively address them.

4. Development

  • Develop internal tools (scripts, software, APIs, web services) to enhance operational efficiency.
  • Automate repetitive tasks and improve existing workflows using custom scripts or software solutions.

5. Security Expertise

  • Provide security consultancy to various projects, supporting internal development teams with vulnerability remediation.
  • Offer expertise on web technologies, Active Directory/Windows environments, and network systems security.

6. Collaboration and Coordination

  • Collaborate with Global Security teams to deliver training, coaching, and best practices.
  • Foster a culture of continuous improvement and proactive defense across teams.

Desired Profile

  • Experience: 10-12 years in cybersecurity roles with a strong focus on penetration testing, threat hunting, and tool development.
  • Certifications: Relevant certifications like OSCP, CEH, GIAC, or similar credentials are preferred.
  • Hands-On Exposure: Experience with web application and AD/Windows environment penetration tests and network intrusion detection.

Technical Skills:

  • Penetration Testing Expertise:
    • Hands-on experience with HackTheBox, TryHackMe, or similar platforms.
    • Experience managing Bug Bounty Programs as an Ethical Hacker using relevant tools.
    • Proficiency in Burp Suite and IDA Pro (for reversing).
    • Strong PowerShell scripting and general scripting capabilities.
  • Web Development & Security:
    • Understanding of web application development and deployment to simulate attacker perspectives.
    • Expertise in penetration tests on web technologies, Active Directory/Windows environments, and networks.
    • Familiarity with intrusion tests on industrial control systems is a plus.
  • Programming & Scripting:
    • Proficiency in languages such as Python, Java, Shell scripting, .NET, and PowerShell.
    • Development experience for building tools, automation scripts, or utilities to improve security testing workflows.
  • Network & System Security:
    • Deep understanding of network security principles and systems security.
    • Ability to detect and mitigate vulnerabilities effectively.

Behavioral Competency

  • Initiative and Autonomy: Ability to work independently with minimal supervision.
  • Curiosity and Innovation: Strong curiosity to explore vulnerabilities and exploit potential bugs.
  • Collaboration: Adept at working in cross-functional, international teams and different time zones.
  • Communication Skills: Strong ability to articulate technical concepts to stakeholders effectively.

Availability

The role operates on a follow-the-sun model, requiring collaboration with the global Group CERT team. Analysts must operate 3-4 days from the office and be available on a rotation basis for weekend on-call support.