Senior Officer- Vulnerability and pen testing (VAPT) analyst

Job Description:

Main Responsibilities and Duties

• Conduct vulnerability assessment of networks, IT services and applications,  and security devices, using various commercial and open source tools.
• Conduct internal and external penetration testing, using known commercial and open source penetration testing tools.
• Conduct mapping and discovery analysis on networks, servers, and security devices, to discover exposed services, vulnerabilities and infiltration points.
• Conduct mapping and code reviews to expose applications vulnerabilities, misuse cases testing, interface testing.
• Develop VAPT assessment scoping and implementation plans and schedules, in coordination with related IT/IS senior management and divisions, to insure tests are focused, adequate, and limited in scope, and does not cause any operational issues.
• Work closely with other SOC team members and IS team to identify and document incidents/ potential threats, and mitigation techniques.
• Ensure VAPT tests and incidents are correctly reported and documented in accordance with Cyber Security & Incident Response policies and procedures.
• Build and maintain Cyber security documentation detailing threats, and mitigation techniques, for incidents, attacks, and vulnerabilities, that might arise from security audit, vendor news-letters or threats announced from well renown Cyber security tracking entities.
• Maintain tracking record of Vulnerabilities and exploits records, it’s risk levels, its mitigation and solution techniques, and follow-up on its implementation with related party.
• Remain vigilant, continuously conduct R&D, to learn new skills, and new tools, and suggest actions that will increase organization over all security posture.

Technical Requirements.

• Strong experience in OSI layers and its Common protocols functionality, possible exploits, common threats, and preventions.
• Strong Knowledge of commercial and open-source vulnerability and pen testing tools.
• Strong Knowledge of one or more programming and scripting tools (Python, Java, PowerShell, Bash, SQL DDL and DML)
• Strong understanding of protocols headers, flags, structure, and communication mechanisms.
• Strong knowledge of well known attacks and vulnerabilities, and mitigation techniques.

Education.

College degree, preferably in Computer Science, or engineering is preferred.

Personal Competencies:

• Good verbal/written communication.
• Excellent interpersonal skills.
• Works well under pressure.
• Responsible attitude.
• Positive team player.
• Able to take initiative.
• Good time management.
• Attention to detail, methodical.

Required Certifications: Any of the below certification is a Plus, or other related.

• OSCP (Offensive security certified professional) 
• CEH (Certified Ethical Hacker).
• LPT (Licensed Penetration testing Master)