Security and Penetration Engineer - LendingKart - Bangalore, IN

Responsibilities:

  • Conduct security penetration testing and perform ongoing vulnerability assessment and penetration testing of internal, perimeter, external and wireless networks and web applications
  • Identify weaknesses and vulnerabilities that affect the confidentiality, integrity and availability of corporate protected, sensitive and confidential company information and data
  • Ensure security requirements are implemented within various stages of the system development life cycle process
  • Work closely with development teams to pen test new features within internally developed applications
  • Validate and address vulnerability / threat findings from static and dynamic analysis tools
  • Characterize threats and provide recommendations for remediation
  • Manage remediation efforts to completion
  • Develop and present finding and remediation reports to audiences including team members from all department areas and levels of the company
  • Coordinate, schedule and perform routine internal application, network, system and infrastructure penetration testing
  • Perform security reviews of software designs and assist developers to ensure quality and robustness of our internal products
  • Examine communications protocols and data storage mechanisms for security risks
  • Validate, address and document responses to security findings from third-party penetration testing engagements
  • Conduct security assessments against web applications and APIs across a variety of technology stacks
  • Ensure adequate security requirements and privacy by design are built into all architecture/infrastructure/projects
  • Member of the Security Incident Response team as needed
  • Perform other security team relevant duties and responsibilities as assigned

Qualifications:

  • Bachelor's degree preferred in Computer Sciences, Information Technology, Information Security or other related field
  • Minimum 3 years of related work experience, which includes two (2) years of practical experience in security incident management and response and two (2) years of practical experience in threat modeling, penetration testing and/or secure application development
  • Knowledge of HTTP, TCP/IP networking required
  • Knowledge of penetration testing methodology
  • Required knowledge of web application attacks and defense strategies including those found in the OWASP Top 10 and Mobile Top 10
  • CEH Certification or comparable penetration testing certification required
  • At least one industry standard certification such as Certified Information Systems Security Professional (CISSP) or Security highly desired
  • Demonstrate an understanding of programming and scripting skills
  • Familiar with application security tools such as Rapid7, Core Impact, BurpSuite Pro, OWASP ZAP, Nmap, Nessus, Metasploit, Kali Linux
  • Experience with a programming language (PHP, Python, Perl, Ruby, Java, Node.js, JavaScript, etc.)
  • Experienced with fingerprinting web applications and frameworks, cross site request forgery (CSRF), cross site scripting (XSS), HTTP method tampering, SQL injection, XPath injection, cross origin resource sharing (CORS), etc.
  • Experience with Configuration and Deployment Management Testing, Identity Management Testing, Cookie/Session Management, Authentication/Authorization Testing, Input Validation Testing, Privilege escalation testing, Enumeration testing
  • Ability to think outside the box and emulate adversarial approaches