Skills/Qualifications: Must Have Skills:
8 to 12 years of experience in network / product / system penetration testing.
Having Bachelors or Masters degree in any discipline.
CEH Certification is Mandatory. Additional certifications such as OSCP, CCSP, CCSK will be highly desirable.
Ability to work on advanced exploitation techniques independently.
Experience in Virtualization Security Architecture and Design (VMware, Microsoft Hyper-V, and Citrix Xen).
Knowledge of Attack models that pertain to virtualization and cloud environments
Knowledge of attack frameworks like VASTO, Virtualization Assessment Toolkit to exploit virtualization systems
Encryption tools and techniques for securing mobile virtual machines.
Mentoring / training skills will be desirable.
Good understanding of security development lifecycle processes
Hands on Experience in Performing Large Systems Threat Modeling/STRIDE/DREAD Approaches
Knowledge of OWASP Top 10 and SANS Top 25 and how to effectively remediate vulnerabilities associated with each
Knowledge of Specific virtualization platform attacks and exploits
Run & Analyze the penetration test (Manual & Automated) and pinpoint the security issues and suggest countermeasures for security improvements.
Demonstrated manual product penetration testing experience; for example, you must be able to simulate a SQL injection without tools, simulate XSS attack, X-Path Injection, etc.
Intimate knowledge and hands-on experience using various penetration testing tools like Nessus, Web Inspect, Nmap (Slow Scans, Service detection, OS detection, namp Scripts), BurpSuite, Nikto, ZAP
Communicate results and security risk Product owners
Good communication & Negotiation skills
Highly motivated with willingness to take ownership/responsibility for their work and ability to work both independently and in a team oriented environment.
Highly customer focused.
Adept at selecting and utilizing appropriate technologies to solve complex problems effectively.
Ability to work within an International team
Good to have skills:
Ability to learn new upcoming security attacks & tools
Knowledge on domain understanding about the HVAC control systems, controllers, sensors etc