Penetration Tester
NTT DATA · Hyderabad, Telangana, India
NTT DATA · Hyderabad, Telangana, India
Job Description **Key Responsibilities:** - Plans, executes and manages complex penetration testing engagements on various IT assets, including networks, applications and databases. - Conducts simulated cyber-attacks, including social engineering, to identify vulnerabilities and assesses the organization's resilience to cyber threats. - Performs penetration tests against internal and external facing systems. - Analyses and interprets penetration test results and provides detailed reports to relevant stakeholders. - Provides input to improve the quality and effectiveness of tests in a highly scaled and global environment. - Articulates complex technical risks through creation of reports and delivering presentations to key stakeholders. - Works with Security DevOps teams to test the orchestration and automation processes and platforms, feed results into a testing program. - Supports the assessment risk and the development and/or recommends appropriate mitigation countermeasures based on empirical testing. - Provides comprehensive technical expertise with web, application and database vulnerability testing. - Supports the development of the security automation framework and the implementation roadmap. - Provides actionable security recommendations and mitigation strategies to address identified vulnerabilities. - Ensures that penetration testing activities align with relevant industry standards, compliance regulations, and best practices. - Contributes to any security awareness training and education programs to promote a culture of cybersecurity within the organization. - Stays up to date with the latest cybersecurity threats, attack vectors, and defensive technologies to continuously improve testing methodologies. **Knowledge and Attributes:** - Ability to work independently and manage multiple projects within remote environment. - Demonstrates a strong ability to engage with various stakeholders, have a team-based approach and work towards share goals and outcomes. - Ability to think outside the box and a passion to improve your skills and drive innovation. - Ability to compromise systems and demonstrate ways to laterally move post compromise. - In-depth knowledge of common security assessment methodologies, such as OWASP, PTES, or NIST SP 800-115. - Strong understanding of various operating systems, network protocols, and application security. - Proficiency in using penetration testing tools and frameworks, such as Metasploit, Burp Suite, Nmap, and Wireshark. - Knowledge of security assessment tools and technologies used to evaluate web applications, databases, and network infrastructure. - Excellent analytical and problem-solving skills to identify and exploit vulnerabilities effectively. - Strong written and verbal communication skills to deliver clear and concise reports and recommendations to stakeholders. - Ethical and professional conduct with a commitment to confidentiality and data privacy. **Academic Qualifications and Certifications:** - Bachelor's degree or equivalent in Information Technology or Computer Science or related field. - Security related certifications such as OSWE, OSEP, OSCP, OSCE, CRTP, GPEN, or CREST is desirable. **Required Experience:** - Seasoned demonstrated penetration testing experience and ethical hacking gained within a similar global environment. - Seasoned demonstrated experience with both commercial and open-source security tools and scripting languages. - Seasoned demonstrated exposure to security testing scenarios e.g. Capture the Flag / Red Team / Blue Team is desirable. - Seasoned demonstrated experience with various testing platforms e.g. Hack the Box / Vulnhub / PentesterLab is desirable.