What is the eligibility criteria to apply for Vulnerability Assessment and Penetration Testing Engineer in Tata Elxsi Ltd in undefined?

The candidate should have completed undefined degree and people who have 7 to 7 years are eligible to apply for this job. You can apply for more jobs in undefined to get hired quickly.

Is there any specific skill required for this job?

The candidate should have undefined skills and sound communication skills for this job.

Who can apply for this job?

Both Male and Female candidates can apply for this job.

Is it a work from home job?

No, it’s not a work from home job and can’t be done online. You can explore and apply for other work from home jobs in undefined at apna.

Are there any charges or deposits required while applying for the role or while joining?

No work-related deposit needs to be made during your employment with the company.

How can I apply for this job?

Go to the apna app and apply for this job. Click on the apply button and call HR directly to schedule your interview.

What is the last date to apply?

The last date to apply for this job is . For more details, download apna app and find Full Time jobs in undefined . Through apna, you can find jobs in 74 cities across India. Join NOW

Vulnerability Assessment and Penetration Testing Engineer in Tata Elxsi Ltd

Vulnerability Assessment and Penetration Testing Engineer

Tata Elxsi Ltd

Thiruvananthapuram

Not disclosed

Work from Office

Full Time

Min. 7 years

Job Details

Job Description

VAPT Engineer

We are seeking a skilled VAPT Security Engineer with 7+ years of experience in Penetration Testing and Vulnerability Management (VAPT), DevSecOps, Security testing of Web applications, API and Mobile Apps – Android and iOS, IOT/Embedded Device.

Key Responsibilities:

Conduct comprehensive vulnerability assessments and penetration tests on networks, systems, and applications.
Utilize a variety of tools and techniques to identify vulnerabilities, such as networks canning, web application testing, and social engineering
Perform controlled attacks (White-box, Grey-box, Black-box) on systems, networks, web applications and mobile apps to exploit identified vulnerabilities and assess their potential impact.
Simulate real-world cyber-attacks to test the effectiveness of security controls and identify potential weaknesses.
Document and report findings from penetration testing activities, including identified vulnerabilities, exploitation techniques, and potential impacts.
Provide detailed recommendations and remediation strategies to address identified security weaknesses.
Perform the security end to end security testing for Web application covers OWASP Top 10 and OWASP ASVS L2.
Perform the security testing for Mobile apps – Android and iOS covering the OWASP Top Mobile vulnerabilities and OWASP MASVS standards
Perform the security testing for IOT/Embedded devices with eSIM, Ethernet, USB, JTAG interfaces.
Perform the end-to-end security testing for Backend APIs for Web applications and Mobile apps.
Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff
Perform the Performance testing for AWS Cloud platform.
Utilize various open-source and commercial tools for vulnerability scanning and penetration testing (e.g., Nessus, Metasploit, Burp Suite).
Maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in network security.
Stay up to date with the latest security threats, vulnerabilities, and attack techniques to proactively identify potential risks and provide recommendations for mitigation.
Implement Static Application Security Testing (SAST) to analyse source code for security vulnerabilities.
Implement the Container Image scanning tools and collaborate with team to remediate security risk and vulnerabilities.
Automation of security controls in CI/CD and security validation and testing: SAST, DAST, IAST, RASP, SCA
Making improvement proposals and defining action plans to optimize security capabilities in DevOps environments to ensure software security.
Collaboration with Internal and external stakeholders in adopting security requirements in cloud environments.
Security assessments in container environments (Docker, Kubernetes) and Security implementation in IaC (Infrastructure as Code).
Analysis of evidence in assessing the cybersecurity maturity based on the DevSecOps software development
Preparation of technical and executive reports.
Provide recommendations and guidance on secure coding practices to software development teams.
Perform security configuration reviews and hardening of systems.
Integrate security practices into the DevOps pipeline to ensure continuous security (DevSecOps).
Perform reverse engineering of software and systems to identify potential attack vectors and develop exploits.
Develop and execute security testing plans and methodologies.
Conduct periodic security assessments to ensure compliance with security policies.
Develop and implement effective mitigation strategies and countermeasures to address identified vulnerabilities.
Perform the Threat modelling for applications as part of DevSecOps.
Perform risk assessments and develop risk mitigation strategies.

Skills Required:

Good understanding of application frameworks, security design patterns.
Hands-on experience in cloud security environments (AWS / Azure)
Proficiency with security testing tools such as Nessus, Burp Suite, MobSF, SonarQube, Nmap, Metasploit, etc.
Excellent understanding of web application architecture and Secure Software development life cycle (SSDLC)
Knowledge of common vulnerabilities and exposures (CVEs).
Hands-on experience in MITRE ATT&ACK and Cyber Kill Chain methodologies
Experience with network security, data hiding, and encryption techniques.
Expertise in scripting languages like Python, Bash, or PowerShell.
Strong understanding of IT security standards and frameworks (e.g., OWASP, NIST, SANS Top 25, ISO 27001).
Experience in performing the security testing using OWASP ASVS L2, MASVS.
Experience with web technologies and web application security.
Knowledge of mobile apps security.
Document findings, methodologies, and recommendations in clear and concise reports.
Strong knowledge of the OWASP, SANS top 25, WASC security Standards and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, Session Management issues, Direct Object reference, Click jacking, buffer overflows, etc
Should have knowledge, thorough understanding on various Threat Modelling frameworks and Risk Rating Standards such as STRIDE, CVSS etc
Experience and knowledge of devsecops, integrations and onboarding of applications and tools into the CI/CD pipeline.
Strong knowledge on Infrastructure as Code (IaC).
Experience in offensive security, with the ability to think like an adversary
Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, applications, and networks
Strong experience in operating system and application security hardening and best practices
Experience conducting assessments for solutions consisting of a variety of technology stacks and architectural implementations and hosting providers
Exposure and understanding of enterprise solutions from a functional and security perspective
Ability to document and explain technical details in a concise, understandable manner
Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.)
Ability to identify and exploit mobile vulnerabilities (API issues, insecure storage, memory corruption, SSL pinning, Jailbreak/rooted device, etc.)
Knowledge on Secure coding practices
Strong knowledge on Cryptography
Strong analytical and problem-solving skills
Excellent communication and teamwork skills.
Relevant certifications (e.g., CEH, OSCP) preferred.