Sr. Penetration Testing Engineer - VMware -Bengaluru, India

Sr. Penetration Testing Engineer - VMware -Bengaluru, India

Job Description:

You are responsible for:

  • Performing comprehensive security testing that includes the identification, reporting, and
  • recommendations for identified vulnerabilities.
  • Conducting attack surface reviews and recommending layered defenses to prevent exploits, detect
  • and intercept attacks, and discover threat agents.
  • Performing complex security test data analysis in support of security vulnerability assessment
  • processes, including root cause analysis.
  • Performing security research on known and unknown vulnerabilities.
  • Implementing processes, capabilities, and techniques for security testing.
  • You will be responsible for monitoring external vulnerability disclosure and threat intelligence
  • sources to identify and triage new system vulnerabilities and cyber threats targeting VMware.
  • Serving as an escalation point on issues, dependencies, and risks related to security testing.
  • You will contribute directly to the strategic direction for vulnerability management and security
  • testing capabilities at VMware.
  • Supporting compliance and risk management activities, recommending security controls and
  • corrective actions to mitigate vulnerability risks.
  • Providing technical expertise for VMware information security policies and standards.

Required Skills:

  • 8 years of demonstrated experience in penetration testing.
  • Strong understanding of security testing practices and methodologies.
  • Extensive experience using security testing and analysis tools (Metasploit, Burp Suite, Kali,
  • Wireshark, Nmap, AppCheck, Fortify).
  • Experience using common vulnerability scanning tools (Nessus, Qualys, AppScan, etc).
  • Experience with cloud computing and security issues related to cloud environments.
  • Experience conducting security testing for cloud services (Amazon Web Services, Microsoft Azure,
  • Google Cloud Platform).
  • Demonstrated knowledge of common vulnerability frameworks (CVSS, OWASP Top 10).
  • Expert knowledge of system, application, and database hardening techniques and practices.
  • Experience with security source code review and development experience in C/C++, Java, Python.
  • Authoritative technical knowledge of Internet security and networking protocols.
  • Experience with software development.
  • Scripting skills such as Python, Perl, Shell, Bash.
  • Strong analytical skills and ability to identify advanced threats.
  • Ability to communicate effectively at all levels of an organization, across diverse cultural and
    linguistic barriers, and among a geographically distributed team.
  • Ability to collaborate effectively as part of a team and work independently with minimal supervision.
  • Ability to quickly adapt as the external environment and organization evolves.
  • Ability to rapidly adjust to new challenges and changes in priority.
  • Self-motivated, collaborative, and detail oriented.
  • Positive and constructive attitude.
  • Ability to prioritize projects and operational workload.
  • Excellent written and verbal communications.
  • Availability outside working hours for high priority events.
  • Some travel required.

Preferred Skills

  • Bachelor’s degree or equivalent experience.
  • Certifications such as OSCP, OSCE, GPEN, CEH, CISSP