Cybersecurity Auditor

Banglore, Chennai, Hyderabad, Cochin, Mumbai, Delhi, Kolkata, Ahmedabad, Coimbatore

Posted Date :2024-03-08

---

We would prefer the immediate joiners

 

Job Description

Develop, implement and maintain IT Security & Compliance policies
Location: Banglore, Chennai, Hyderabad, Cochin, Mumbai, Delhi, Kolkata, Ahmedabad, Coimbatore

Responsibilities

•     Develop, implement and maintain IT Security & compliance policies.
•     Develop Procedures and standards as well.
•     Conduct Periodic Risk assessments.
•     Manage internal IT audit function to routinely validate the performance of controls.
•     Analyse external audit findings.
•     Perform periodic audits on company procedures and processes.

 

Eligibility

•     B. Tech / M.C.A/ MS IT in computer science or a similar subject is required.
•     Minimum of 3-4 years experience required.
•     Strong Understanding of IT security, and networking.
•     Proven track record and experience in writing information security policies and procedures.
•     Knowledge of common information security management frameworks such as ISO/IEC 27001 and NIST
•     Able to communicate effectively both written and verbally with key stakeholders, leadership, and customers.
•     Hands-on experience in auditing and writing reports.

Senior [Red Team] Security Consultant

Banglore

Posted Date :2024-03-01

---

Applicants for this position should demonstrate leadership and sound business judgment in anticipating client/project needs and developing alternative solutions.

 

Responsibilities:

1. Compromising the target’s security by extracting information, infiltrating its systems, or breaching its physical perimeters.
2. Evading detection by the blue team, often operating within narrow timeframes that challenge the blue team's ability to neutralize threats before damage occurs.
3. Exploiting bugs and weaknesses in the target’s infrastructure to identify gaps in technical security and enhance overall security posture.
4. Initiating hostile activities, including sophisticated penetration testing, to assess the blue team’s defensive capabilities reliably.

 

Skill Sets:

1. Conducting initial reconnaissance using open-source intelligence (OSINT) to gather information on the target.
2. Deploying command-and-control servers (C&C or C2) to establish communication with the target’s network.
3. Utilizing decoys to mislead the blue team.
4. Applying social engineering and phishing techniques to manipulate employees into compromising their machines or revealing sensitive information.
5. Performing physical and digital penetration testing.
6. Conducting network penetration testing and manipulating network infrastructure.
7. Scripting or automating tasks using Perl, Python, or Ruby.
8. Developing, extending, or modifying exploits, shellcode, or exploit tools.
9. Reverse engineering malware, data obfuscators, or ciphers.
10. Demonstrating a thorough understanding of network protocols, data on the wire, and covert channels.
11. Mastery of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell.
12. Building security tools and automating Red Teaming workflows.
13. Utilizing Threat Modeling methodologies to identify threats and shape Red Team operations.
14. Understanding Mitre’s ATT&CK Framework.
15. Possessing certifications from SANS and Offensive Security is highly desirable.
16. Conducting Web Penetration Testing (OWASP and SANS).

 

Key Responsibilities for Cyber Security Consultants:

1. Proficiency with leading commercial and open-source automated reconnaissance and penetration testing tools and services.
2. Ability to perform targeted penetration tests without relying solely on automated tools.
3. Familiarity with networking fundamentals.
4. Understanding of application design principles.
5. Knowledge of web and mobile application exploitation methodologies.
6. Ability to independently research new vulnerabilities in software products.
7. Familiarity with the fundamentals of software exploitation on modern operating systems.

 

Qualifications:

1. Minimum 2 years of experience performing network, web, and mobile application penetration tests.
2. Offensive Security Certified Professional (OSCP) / Offensive Security Certified Expert (OSCE).
3. Certified Ethical Hacker (CEH).

Red Team Operator (Senior Penetration Tester)

Banglore

Posted Date :2024-03-01

---

Requirements:

• Minimum of 2 years of professional experience in Red Team exercises.
• Certifications such as OSCP, CRTO, CRTP, or other penetration testing certifications are advantageous. Alternatively, more than 3 years of focused experience in penetration testing is acceptable.
• Proficiency in multiple programming and scripting languages, including C/C++, Rust, Go, Dart, Nim, PowerShell, Python, and Bash.
• Advanced knowledge of networking concepts, including routing, switching, and Transport Layer protocols (TCP/IP suite).
• Familiarity with common application layer protocols such as HTTP/S, DNS, Kerberos, and LDAP.
• Experience with Active Directory and related authentication/authorization technologies.
• Capable of evaluating environments, applications, systems, or processes to identify weaknesses and develop actionable real-world attack strategies.

 

Responsibilities:

1. Continuously share knowledge and experience with junior team members.
2. Stay updated on new and emerging technologies, and develop tools and methodologies to assess their security.
3. Develop internal implants and artefacts for delivering payloads.
4. Test and research techniques in our threat-hunting lab.
5. Act as the technical lead for penetration testing projects.
6. Participate in penetration testing and red teaming projects.
7. Create testing plans for complex environments and actively participate in testing them.
8. Perform red team operational tasks, including but not limited to:
   • Toolset development
   • Development of custom implants and C2 framework
   • Red Teaming infrastructure development and implementation
   • Develop and maintain red teaming methodology
   • Purple Teaming
   • Design and planning of social engineering campaigns (e.g., Phishing)
   • Infrastructure-level penetration testing
9. Write and review reports/presentations about testing results and present and explain them to clients at a deep technical level.

Security Engineer - Red Team

Banglore

Posted Date :2024-03-01

---

Responsibilities:

1. Conduct network penetration testing, employing a variety of techniques such as exploiting vulnerabilities, bypassing defences, and escalating privileges.
2. Design and execute targeted social engineering attacks to evaluate human vulnerabilities and security awareness.
3. Develop assumed breach scenarios to simulate real-world attacks, testing the effectiveness of our incident response procedures and readiness.
4. Utilize penetration testing frameworks like Metasploit, Kali Linux, and Burp Suite, while continuously updating knowledge and exploring new tools.
5. Collaborate with blue teams, developers, and stakeholders to effectively communicate findings, prioritize vulnerabilities, and recommend remediation strategies.
6. Stay informed about emerging threats by researching, attending conferences, and actively contributing to the offensive security community.

 

Required Skills:

1. Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience). A Master's degree in Information Security is advantageous.
2. Experience with social engineering techniques and methodologies.
3. Proficiency in scripting languages like Python and Bash.
4. Excellent communication and teamwork skills, capable of explaining complex technical concepts to both technical and non-technical audiences.
5. A passion for learning, consistently seeking new ways to enhance skills and knowledge.
6. Bonus points for experience with cloud security, web application security, and post-exploitation frameworks.

Offensive Security Engineer - Red Team Consultant

Banglore

Posted Date :2024-03-01

---

As an Offensive Security Engineer (Red Team Consultant), you will collaborate with a team to conduct various forms of security testing on our clients' Network Infrastructure and Web applications. Your role involves identifying security issues and proposing effective solutions. Additionally, you will engage with clients to recommend long-term security controls. Your responsibilities will encompass researching vulnerabilities within client networks and web applications, performing network penetration testing, conducting web application security assessments, and executing other highly technical engagements across diverse client industries. You will also be tasked with recommending and implementing enhancements to testing methodologies, producing comprehensive reports, and delivering presentations tailored for both technical and non-technical audiences, including executives and stakeholders.

 

Key Responsibilities:

1. Perform penetration tests on network infrastructure, systems, and applications to detect exploitable vulnerabilities and assess potential security risks.

2. Simulate real-world cyber-attack scenarios to evaluate the organization's defense capabilities and overall security posture.

3. Assess the functionality and effectiveness of Security Devices, including firewalls, IDS/IPS, antivirus software, EDR solutions, web content filtering systems, Email Gateway Security, Data Loss Prevention, etc.

4. Possess a solid understanding of network security, DDoS attack infrastructures, and ISP defense mechanisms.

5. Conduct physical and wireless security assessments across various client locations.

6. Utilize common testing frameworks, such as the MITRE ATT&CK framework, in project execution.

7. Plan and execute red team engagements/activities, defining scopes, objectives, and timelines.

8. Document and categorize findings discovered during assessments, and research novel tactics, techniques, and procedures for gaining unauthorized access to user data.

9. Incorporate Threat Intelligence research to monitor APT trends and assist partners in testing their environments against emerging threats.

10. Develop, extend, or modify exploits, shell code, or exploit tools.

11. Collaborate with Incident Response, Product Security, and other security partners to align remediation efforts for optimal company protection.

 

Requirements & Skills:

1. Minimum of 2+ years of experience in Offensive Security / Red Team or related positions.

2. Proficiency across various Operating Systems (*nix, MacOS, Windows).

3. Proficient with stateful network operations and adept at using network mapping tools like Nmap.

4. Knowledgeable in Active Directory and Windows Security.

5. Familiarity with common C2 Frameworks.

6. Experience with cloud-based environments (e.g., GCP, AWS, Azure).

7. Familiarity with container-based environments.

8. Actively engaged in contributing to the security or privacy community through avenues like public research, blogging, presentations, bug bounties, CVEs, etc. is advantageous.

9. Ability to articulate technical concepts to diverse audiences through written reports and verbal presentations.

10. Detailed understanding of global cyber threats, threat actors, and their tactics, specifically those targeting the e-commerce sector.

11. Agile-minded team player with effective planning, scheduling, and adaptability skills to meet deadlines.

12. Eagerness for self-improvement, openness to new ideas, and forward-thinking mindset.

13. Excellent communication skills in both written and spoken English.

14. Relevant certification(s) from Offensive Security, eLearnSecurity, or SANS Institute is beneficial.

Security Operations Specialist

Banglore

Posted Date :2024-03-01

---

Job Responsibilities:

1. Develop and implement security policies, procedures, and standards to safeguard the organization's information systems and networks.

2. Conduct routine security audits, risk assessments, and vulnerability scans to proactively identify and address potential security vulnerabilities.

3. Monitor and analyze security systems, including firewalls, intrusion detection systems, and antivirus software, to promptly detect and respond to security incidents.

4. Investigate and resolve security incidents by conducting forensic analysis, gathering evidence, and collaborating with relevant stakeholders.

5. Work closely with the IT department to design and deploy secure network architectures, implement data encryption, and manage access control mechanisms.

6. Stay abreast of emerging security threats, industry trends, and best practices to enhance the organization's security posture continually.

7. Provide security awareness training to employees, educating them on security risks and best practices for technology usage.

8. Participate in incident response activities, including the development and maintenance of incident response plans, and ensure timely resolution of security incidents.

9. Conduct regular security assessments of third-party vendors and partners to ensure compliance with the organization's security requirements.

10. Collaborate with internal teams to perform penetration testing and vulnerability assessments, identifying and mitigating security vulnerabilities.

 

Required Skills:

1. Thorough understanding of information security principles, practices, and technologies.

2. Proficiency in conducting risk assessments and vulnerability scans.

3. Familiarity with security frameworks and standards such as ISO 27001, NIST, and PCI DSS.

4. Experience configuring and managing security systems like firewalls, intrusion detection systems, and antivirus software.

5. Knowledge of network protocols, routing, and switching.

6. Strong problem-solving and critical-thinking abilities to identify and resolve security incidents.

7. Excellent communication skills to effectively collaborate with cross-functional teams and communicate security risks to non-technical stakeholders.

8. Ability to work independently and manage multiple priorities in a fast-paced environment.

 

Required Qualifications:

1. Bachelor's degree in Computer Science, Information Security, or a related field.

2. Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM) are highly desirable.

3. Proven experience in information security, including risk assessment, incident response, and security operations.

4. Knowledge of compliance requirements and regulations such as GDPR, HIPAA, or SOX.

5. Familiarity with security tools and technologies such as SIEM, IDS/IPS, and endpoint protection.

6. Understanding of encryption and cryptographic protocols.

7. Proficient in secure coding practices and web application security.

8. Ability to maintain confidentiality and handle sensitive information with integrity.

Full Name*

Email*

Contact Number*

Location*

Experience*

Your LinkedIn Profile URL

Job Convenience*

Fulltime

Parttime

Freelance

On demand

Submit