Job Description

Company DescriptionNEC Software Solutions (India) Private Limited! is based in Mumbai (Worli & Airoli) and
Bangalore with an employee strength of 1300+. It is one of the foremost providers of end-
to-end IT services across various sectors. We work with diverse industry verticals which
include publishing, media, financial services, retail, healthcare and technology companies
around the world. Our customers range from two-person startups to $bn listed companies.We have more than 30 years of experience in providing end to end IT services across the
globe and have earned a reputation for delighting our customers by consistently surpassing
expectations and helping them deliver robust, market-ready software products that meet
the highest standards of engineering and user experience. Supported by more than 1300
exceptionally talented manpower, we are a hub for offshore support and technology
services.We are seeking a talented and motivated Application Penetration Tester to join our growing security team. In this role,you will be responsible for identifying and exploiting vulnerabilities in web applications, APIs, and mobile applications.You will work closely with developers and security engineers to remediate vulnerabilities and improve the overall security posture of our applications.Communication and collaboration are paramount to this role, the application penetration tester will be working closely with internal stakeholders on a continuous basis,providing application security testing and secure application design and implementation guidance.The successful candidate will be able to demonstrate recent experience undertaking comprehensive application penetration testing using manual and automated testing techniques.The successful candidate will join the central architecture and design team that comprises enterprise, security, and technical architecture disciplines as well as including the application penetration testing team.Responsibilities will include:\xc2\xb7 Plan and execute penetration testing engagements for web applications, APIs, mobile applications, thick clients, infrastructure and cloud penetration testing.\xc2\xb7 Identify and exploit vulnerabilities in applications using manual and automated testing techniques.\xc2\xb7 Document findings in detail, including proof-of-concept exploits and recommendations for remediation and report writing skills.\xc2\xb7 Collaborate with development and security teams to remediate vulnerabilities and improve application security.\xc2\xb7 Stay up-to-date on the latest hacking techniques, vulnerabilities, and security tools.\xc2\xb7 Participate in security code reviews and provide guidance on secure coding practices.\xc2\xb7 May assist with developing and maintaining internal security tools and processes.ExperienceEssential\xe2\x97\x8f Experience using a formal application penetration testing methodology such as Open-Source Security Testing Methodology Manual (OSSTMM) or Penetration Testing Execution Standard (PTES).\xe2\x97\x8f Experience using Kali Linux including bundled penetration testing tools (Nmap, Wireshark, OWASP ZAP, Sqlmap, Metasploit).\xe2\x97\x8f Experience using Burp Suite for application penetration testing.\xe2\x97\x8f Knowledge of scripting and programming languages (e.g., Python, Ruby, Bash, Powershell) for custom tool development and automation.\xe2\x97\x8f Familiarity with various operating systems and network structures, including client/server, Unix/Linux systems, Mac OS X, VMware/Xen, Virtual Box and cloud technologies such as AWS, Azure, or Google Cloud and Active Directory.\xe2\x97\x8f Understanding of common application issues and remediation techniques, OWASP Top 10.\xe2\x97\x8f Understanding of secure development practices within a secure software development lifecycle, experience of Waterfall, Agile and DevOps / DevSecOps practices.\xe2\x97\x8f Hold at least one recognised application penetration testing certification, e.g. Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), CompTIA PenTest+.\xe2\x97\x8f Can produce high quality documentation including test reports and best practice guidance.\xe2\x97\x8f Good Interpersonal, written and verbal communication skills.Desirable\xc2\xb7 Working knowledge of threat modelling methodologies to conduct threat-modelling against new applications and services.\xe2\x97\x8f Familiarity with compliance & security standards across the enterprise IT landscape such as ISO 27001 and NCSC Cyber Essentials, as well industry security requirements such as NIST and CIS.

NEC Software Solutions