Sr. Penetration Testing Engineer - VMware -Bengaluru, India
You are responsible for:
- Performing comprehensive security testing that includes the identification, reporting, and
- recommendations for identified vulnerabilities.
- Conducting attack surface reviews and recommending layered defenses to prevent exploits, detect
- and intercept attacks, and discover threat agents.
- Performing complex security test data analysis in support of security vulnerability assessment
- processes, including root cause analysis.
- Performing security research on known and unknown vulnerabilities.
- Implementing processes, capabilities, and techniques for security testing.
- You will be responsible for monitoring external vulnerability disclosure and threat intelligence
- sources to identify and triage new system vulnerabilities and cyber threats targeting VMware.
- Serving as an escalation point on issues, dependencies, and risks related to security testing.
- You will contribute directly to the strategic direction for vulnerability management and security
- testing capabilities at VMware.
- Supporting compliance and risk management activities, recommending security controls and
- corrective actions to mitigate vulnerability risks.
- Providing technical expertise for VMware information security policies and standards.
- 8 years of demonstrated experience in penetration testing.
- Strong understanding of security testing practices and methodologies.
- Extensive experience using security testing and analysis tools (Metasploit, Burp Suite, Kali,
- Wireshark, Nmap, AppCheck, Fortify).
- Experience using common vulnerability scanning tools (Nessus, Qualys, AppScan, etc).
- Experience with cloud computing and security issues related to cloud environments.
- Experience conducting security testing for cloud services (Amazon Web Services, Microsoft Azure,
- Google Cloud Platform).
- Demonstrated knowledge of common vulnerability frameworks (CVSS, OWASP Top 10).
- Expert knowledge of system, application, and database hardening techniques and practices.
- Experience with security source code review and development experience in C/C++, Java, Python.
- Authoritative technical knowledge of Internet security and networking protocols.
- Experience with software development.
- Scripting skills such as Python, Perl, Shell, Bash.
- Strong analytical skills and ability to identify advanced threats.
- Ability to communicate effectively at all levels of an organization, across diverse cultural and
linguistic barriers, and among a geographically distributed team.
- Ability to collaborate effectively as part of a team and work independently with minimal supervision.
- Ability to quickly adapt as the external environment and organization evolves.
- Ability to rapidly adjust to new challenges and changes in priority.
- Self-motivated, collaborative, and detail oriented.
- Positive and constructive attitude.
- Ability to prioritize projects and operational workload.
- Excellent written and verbal communications.
- Availability outside working hours for high priority events.
- Some travel required.
- Bachelor’s degree or equivalent experience.
- Certifications such as OSCP, OSCE, GPEN, CEH, CISSP