Expert, Cybersecurity Penetration Tester

Job Description

This role is part of our global Security Testing unit and will focus on perform penetration testing of those systems, and to provide clear guidance as to how to address weaknesses identified. The role holder will be working in collaboration with the applications security and compliance regional managers and other IT specialists, to train in Schneider Electric security policies, processes, and tools. Responsibilities The Expert, Cybersecurity Penetration Tester will work with project teams to ensure applications meet our security policies.
• Understand project deliverables and application details
• Ability to lead and educate the rest of the team members and other penetration testing groups
• Explore process, reporting and improvement in techniques
• Explore options to commercialize the concept of a penetration testing as a service.
• Ability to collaborate with other penetration teams to align in knowledge, tools and techniques
• Run automated and manual security checks (not limited to tools) to uncover security weaknesses in the system
• Propose mitigation steps for identified risks and threats
• Provide clear recommendations from a security perspective based on understanding of application, application risk and business context, and results of checks performed.
• Work alongside with the cybersecurity community and application teams.
Behaviors and Competencies
• Strong written and verbal communication skills, with a proven ability to communicate with technical staff, as well as project teams , so security risks are understood in business terms
• Keep pace with standards and technologies related to security
• Leadership / Act like owners
• Collaboration / Teamwork
• Requirements Gathering and Analysis
• Interpersonal Skills, proactiveness
• Willing to learn new skills / Learn Everyday and desire to succeed and grow.
Education and Training Essential
• BE or MS or MCA Computers Science or Information Technology or related fields
• M. Tech Computers Science or Information Technology or related fields
• Certifications - OSCP, OSCE, GPEN, GXPN, GICSP, GWAPT, OSWP, etc.
• Azure / AWS security certifications is a plus.
• CISSP, CEH also a plus
Skills
• Security Web, Mobile, API, Cloud and container security, Thick Client, Network etc
• Applications Development & Delivery
• Understanding or experience on any of the following is an advantage:
  • Cloud Security Assessment and Security Audits of Cloud Environment
  • Vulnerability Management (Process, Tools and Metrics)
  • NIST Cybersecurity Framework
  • Critical Security Controls (CSC)
• Expertise in DevSecOps methodologies is also an advantage.
Knowledge
• Pentest standards and methodologies, OWASP, SANS etc.
• Subject matter expert in web/mobile/thick client/API/IoT/IIoT assessments
• Good understanding of server vulnerabilities (Linux, Windows) and hardening
• Familiarity with cloud platforms, and cloud container security
• Efficient and effective usage of pentest tools as well as demonstrate less dependency on tools.
• Experience with automation, scripting (Python, Perl, Ruby, etc.)
• Proactive interest in emerging technologies (e.g. Offensive AI) and techniques related to penetration testing
• Ability to translate technical security topics in a business-friendly manner
• Demonstrable teamwork skills and resourcefulness
Experience Essential
• 7+ years of experience in IT security
• Min 5+ years of experience in penetration testing of web, mobile (iOS & Android), API, thick client
Desirable
• Experience with red teams or CTF (Capture the Flag)
• Experience with reverse engineering
• Presented exploit POC/ research concepts at forums like exploit-db.
• Participated in national/ international cybersecurity conferences.
• DevSecOps implementation and supporting security tooling is desirable (SAST)
,

Keyskills :
security testingemerging technologiespenetration testingsecurity audits