Permanent Hiring

RJC988 | Penetration Testing Engineer

Remote, India

Role Description

As a Penetration Testing Engineer, you will conduct security assessments on desktop, mobile, and cloud platforms to identify vulnerabilities and potential threats. You’ll perform both automated and manual testing, analyze results, and collaborate with teams to implement security controls. The role involves staying up-to-date with the latest security trends and providing guidance to stakeholders on best practices. You will also assist in cloud security assessments and help design secure architectures. Expertise in penetration testing tools and methodologies, along with knowledge of cloud platforms, is essential for this position.

Role & Responsibilities:

  • Conduct Penetration Testing: Perform security tests on desktop, mobile, and cloud platforms to identify vulnerabilities and threats.
  • Automated & Manual Testing: Use both automated and manual methods to simulate attacks and detect security weaknesses.
  • Report Findings: Analyze security results, create clear reports, and provide remediation advice to address risks.
  • Collaborate for Mitigation: Work with teams to develop and implement security controls to mitigate identified risks.
  • Stay Informed: Keep up with the latest security threats, attack techniques, and industry best practices.
  • Cloud Security Assessments: Review cloud security controls like authentication, encryption, and access management.
  • Cloud Provider Audits: Conduct security assessments of cloud providers to ensure compliance with standards and regulations.
  • Secure Cloud Architecture: Assist in designing secure cloud architectures and implementing best security practices.
  • Security in SDLC: Collaborate with development teams to integrate security throughout the software development and deployment cycle.
  • Provide Security Guidance: Advise internal stakeholders, including developers and system admins, on security best practices.
  • Qualifications: Expertise in penetration testing, knowledge of security standards (e.g., OWASP, NIST), and experience with cloud platforms (AWS, Azure, GCP).
  • Certifications: Certifications like CEH, OSCP, or CCSP are a plus.

Mobile Penetration Testing Tools:

  • MobSF (Mobile Security Framework): For dynamic and static analysis of Android/iOS apps.
  • Frida & Objection: For runtime manipulation of mobile applications.
  • Burp Suite: For intercepting and analyzing mobile app traffic.
  • APKTool: For reverse engineering Android apps.
  • Drozer: For comprehensive security assessments of Android apps.

Web Penetration Testing Tools:

  • Burp Suite: A widely used tool for scanning and manual testing of web applications.
  • OWASP ZAP (Zed Attack Proxy): For web application vulnerability scanning.
  • Nikto: A web server scanner for identifying security vulnerabilities.
  • SQLmap: For automated SQL injection and database takeover.
  • Wfuzz: A tool for brute-forcing web application parameters.

Cloud Penetration Testing Tools:

  • Pacu (AWS exploitation framework): For assessing the security of AWS environments.
  • ScoutSuite: For multi-cloud environment security auditing (AWS, Azure, GCP).
  • CloudSploit: For cloud infrastructure security assessment and configuration checks.
  • AWS Inspector/Azure Security Center/GCP Security Command Center: For vulnerability assessments and policy compliance checks within cloud environments.