Greetings from Netsach - A Cyber Security Company.

Job Description

Must have minimum 3 years of experience in an information security function with good background in information technology, stakeholder management and people management.

Key Skills – Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.

Tools and Technologies – Burp Suite, Postman, Tenable Nessus, Checkmarx SAST, GitHub and good knowledge about monolithic and microservice architecture and pipeline driven security.

Job Title: Pentester Role / Application Security Assessment

Exp: 4-6

Job Location: Dubai Onsite 

Job Type: Full-time

No of Opening: 2

Interested candidates kindly share your resumes at emily@netsach.co.in.

Technical Requirement

1. Web Application Security – Owasp top 10 , CVSS etc
2. Security Code Review – manual code review in Git etc
3. API Security Review – Open shift, container review etc.
4. Database Security – Requirements to enhance security on Database
5. Web Server Security – Requirements to enhance security on the web server
6. Configuration Review – has performed different configuration reviews and should have found good misconfigurations in the system.
7. Integration review – How the application connects with different systems, performed security review on those integrations.
8. Transport Layer Security – How communication channels are secured and understanding of the Transport layer security mechanisms and controls.

Education

Bachelor’s degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar

Certification Mandatory

• General Information Security: OSCP, CEH, CISM/CISA or similar
• General Cloud Security: CCSK /CCSP or similar
• Specific Cloud Security: Azure Security or similar
• Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist

Skill Set Required

• Expert at the Web application Security testing, in depth testing skillset and ability to bypass weak implementation for attacks, ability to bypass WAF for attack scenarios such as XSS, SQL Injection etc.
• Good understanding of Microservice based architecture (Technical)
• Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection/detection & API /Micro services Security
• Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical)
• The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations.
• The Analyst / Engineer should be capable in understanding the hardening standards, creating one if not available, and perform the testing against the hardening standards.
• The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components.
• The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer.
• The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise
• The Analyst / Engineer can understand and interpret potential issues found in source or compiled code
• The Analyst / Engineer has automation skills/capability in the form of scripting or similar. The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures.

Thank You 

Emily Jha

emily@netsach.co.in

Netsach - A Cyber Security Company

www.netsach.co.in