BOLD jobs - Penetration Test Engineer

BOLD is an established and fast-growing product company that transforms work lives. Since 2005, BOLD has delivered award-winning career services that have a meaningful and positive impact on job seekers and employers. BOLD’s robust product line includes a professional resume and cover letter writing services, scientifically validated career tests, and employer tools that help companies hire, onboard, and communicate with their staff.

In India, our infrastructure team uses mixture of IAAS & PAAS for migration and virtualization to create smooth website hosting which creates great consumer experience. All the products are on Microsoft Azure used for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers.

Role

Job description:

Responsibilities

• Perform formal penetration tests on web-based applications, networks, and computer systems
• Conduct physical security assessments of servers, systems, and network devices
• Design and create new penetration tools and tests
• Good understanding of VAPT
• Specific tools: Burp Suite, Qualys
• Probe for vulnerabilities in web applications, fat/ thin client applications, and standard applications
• Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
• Employ social engineering to uncover security holes (e.g. poor user security practices or password policies)
• Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security strategies
• Research, document and discuss security findings with management and IT teams
• Review and define requirements for information security solutions
• Provide feedback and verification as an organization fixes security issues
• Demonstrated experience developing and reviewing malicious use cases/ threat models
• Good understanding of Content Security Policy, security-related headers, exploitation of Reflected Cross-Site scripting, Server Side Request Forgery and Stored Cross Site Scripting
• Knowledge and understanding of information security industry standards and government regulations

Required Skills

• 5+ years of experience in security applications and systems
• 5+ years of DAST (Dynamic Application Security Testing) experience
• Minimum of 4 years of demonstrated experience with automated penetration tools
• Advanced Information Security technical skills
• Ability to manage complex issues and develop solutions

Good To Have

• Excellent verbal and written communication skills
• Strong analytical skills with high attention to detail and accuracy
• Ability to manage multiple and competing priorities
• Ability to take on a high level of responsibility, initiative, and accountability
• Good attention to detail and accuracy skills

Work Experience

5 to 9 Years

Educational Qualification

Engineering/ Master’s Degree from a good Institute (preferably Computer Science or related)