top of page

Cybersecurity Penetration Tester

Bangalore, Karnataka, India

Job Type

Full Time

About the Role

• Understand project deliverables and application details
• Run automated and manual security checks (not limited to tools) to uncover security weaknesses in the system
• Propose mitigation steps for identified risks and threats
• Provide clear recommendations from a security perspective based on understanding of application, application risk and business context, and results of checks performed.
• Work alongside with the cybersecurity community and application teams.
• Explore process, reporting and improvement in techniques
• Ability to collaborate with other penetration teams to align in knowledge, tools and techniques
Skills
• Security – Web, Mobile, API, Cloud and container security, Thick Client, Network, Operating System etc.
• Applications Development & Delivery
• Understanding or experience on any of the following is an advantage:
• Cloud Security Assessment and Security Audits of Cloud Environment
• Vulnerability Management (Process, Tools and Metrics)
• NIST Cybersecurity Framework
• Critical Security Controls (CSC)
• Expertise in DevSecOps methodologies is also an advantage.
Knowledge
• Pentest standards and methodologies, OWASP, SANS etc.
• Subject matter expert in web/mobile/thick client/API/IoT/IIoT assessments
• Good understanding of server vulnerabilities (Linux, Windows) and hardening
• Familiarity with cloud platforms, and cloud container security
• Efficient and effective usage of pentest tools as well as demonstrate less dependency on tools.
• Experience with automation, scripting (Python, Perl, Ruby, etc.)
• Proactive interest in emerging technologies (e.g. Offensive AI) and techniques related to penetration testing
• Ability to translate technical security topics in a business-friendly manner
• DevSecOps implementation and supporting security tooling (SAST)
Experience & Certification
• Min 3+ years of experience in penetration testing of Web, Mobile (iOS & Android), API, Thick client & Network.
• Certifications - OSCP, OSCE, GPEN, GXPN, GICSP, GWAPT, OSWP, etc.
• Azure / AWS security certifications is a plus.
• CISSP, CEH also a plus

Requirements

  • Understand project deliverables and application details

  • Run automated and manual security checks (not limited to tools) to uncover security weaknesses in the system

  • Propose mitigation steps for identified risks and threats

  • Provide clear recommendations from a security perspective based on understanding of application, application risk and business context, and results of checks performed.

  • Work alongside with the cybersecurity community and application teams.

  • Explore process, reporting and improvement in techniques

  • Ability to collaborate with other penetration teams to align in knowledge, tools and techniques

Skills

  • Security – Web, Mobile, API, Cloud and container security, Thick Client, Network, Operating System etc.

  • Applications Development & Delivery

  • Understanding or experience on any of the following is an advantage:

    • Cloud Security Assessment and Security Audits of Cloud Environment

    • Vulnerability Management (Process, Tools and Metrics)

    • NIST Cybersecurity Framework

    • Critical Security Controls (CSC)

  • Expertise in DevSecOps methodologies is also an advantage.

Knowledge

  • Pentest standards and methodologies, OWASP, SANS etc.

  • Subject matter expert in web/mobile/thick client/API/IoT/IIoT assessments

  • Good understanding of server vulnerabilities (Linux, Windows) and hardening

  • Familiarity with cloud platforms, and cloud container security

  • Efficient and effective usage of pentest tools as well as demonstrate less dependency on tools.

  • Experience with automation, scripting (Python, Perl, Ruby, etc.)

  • Proactive interest in emerging technologies (e.g. Offensive AI) and techniques related to penetration testing

  • Ability to translate technical security topics in a business-friendly manner

  • DevSecOps implementation and supporting security tooling (SAST)

Experience & Certification

  • Min 3+ years of experience in penetration testing of Web, Mobile (iOS & Android), API, Thick client & Network.

  • Certifications - OSCP, OSCE, GPEN, GXPN, GICSP, GWAPT, OSWP, etc.

  • Azure / AWS security certifications is a plus.

  • CISSP, CEH also a plus

About the Company

Cigres Technologies Private Limited is a technology consulting and services company that focuses on helping clients resolve their significant digital problems and enabling radical digital transformation using multiple technologies on premise or in the cloud. The company was founded with the goal of leveraging cutting-edge technology to deliver innovative solutions to clients across various industries.

bottom of page