- Perform full-cycle penetration testing engagements on business units, independently or as part of a team, i.e. application, network and infrastructure penetration tests, as well as security reviews and social engineering tests for the organization.
- Review and define requirements for information security solutions.
- Perform security reviews of application design, source code review and deployments, including web applications, web services, mobile applications etc.
- Participate in security assessment of networks, systems and applications.
- Work on and improve overall security services, including enhancements to the existing methodology and security posture of PTCL.
- Document exploit chain/proof of concept scenarios.
- Security Assessment and Configuration review
- Configure, run and monitor automated security testing tools.
- Perform manual validation of vulnerabilities.
- Remediation testing.
- External Penetration Testing
- CEH, OSCP or other information security certifications.
- Application development background and security knowledge (C, C++, C#, Java, J2EE).
- Vulnerability and threat management experience.
- Experience with various security tools and products (AppScan, QualysGuard, Burp Suite etc.).
- Good understanding of components of secure DLC/SDLC.
- Understanding of cryptographic controls.
- Vulnerability analysis and application reversing skills.
- 4 years of working experience in IT/Information Security/Penetration Testing, preferably with exposure to application security testing (source code review, application penetration tests) and network penetration tests.
- Working knowledge of security principles, techniques and technologies.
- Good understanding of network protocols, design, and operations.
- Strong analytical skills and efficient problem-solving.
- Willingness to learn.
- Strong written and verbal skills.