IN- Associate_VAPT _Security Testing_Advisory _Mumbai
PWC
0 - 3 years
Mumbai
Posted: 22/11/2024
Job Description
Line of Service: Advisory
Industry/Sector: FS X-Sector
Specialism: Risk
Management Level: Associate
Job Description & Summary
A career within Cybersecurity and Privacy services will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detecting, responding to, and remediating threats.
Responsibilities:
- Network Security Analysis: Conduct in-depth analyses of computer networks to identify vulnerabilities and gaps in security.
- Security Tools Management: Administer and manage a variety of security products, including firewalls, IDS/IPS, Firewall Analyzers, Azure Firewalls, NSGs, Application Gateways, and WAFs.
- Firewall and VPN Administration: Oversee the administration of firewalls, routers, VPNs, and other security tools to ensure robust network security.
- Scripting and Automation: Utilize scripting languages such as Python to automate security tasks and enhance operational efficiency.
- System and Network Management: Work with Linux and/or Windows Operating Systems, coding languages, and network environments to support and enhance security measures.
- Networking Knowledge Application: Apply knowledge of networking concepts, including LAN, WAN, TCP/IP, web protocols, and network-related cyber-attacks.
- Recon Tools Usage: Use network assessment and reconnaissance tools like nmap, Angry IP, and Metasploit for comprehensive security assessments.
- Penetration Testing: Perform penetration testing activities within client environments, emphasizing manual and stealthy techniques.
- Red Team Engagements: Execute stealthy penetration testing, advanced red team, or adversary simulation engagements using offensive security tools and utilities.
- Vulnerability Identification: Identify security-critical vulnerabilities without relying on vulnerability scanning tools.
- Active Directory Compromise: Compromise Active Directory environments and demonstrate business impact by accessing critical assets and information.
- Social Engineering and Phishing: Conduct social engineering and phishing activities, including reconnaissance, campaign development, and malicious payload creation.
- Client Interaction: Participate in client discussions, communicate potential add-on services based on identified weaknesses, and actively engage in meetings.
- Engagement Management: Manage engagements with junior staff, prepare concise and accurate project deliverables, and balance project economics with unexpected issues.
- Team Environment: Create a positive environment by monitoring team workloads, meeting client expectations, and respecting team members' work-life quality.
- Continuous Learning: Proactively seek guidance, clarification, and feedback, and keep leadership informed of progress and issues.
Mandatory skill sets:
- In-depth knowledge of technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management.
- Hands-on experience with networking protocols, TCP/IP stack, systems architecture, and operating systems.
- Ability to perform penetration testing activities using manual stealthy techniques and advanced red team engagements.
- Capability to identify security critical vulnerabilities without using a scanning tool.
- Experience in compromising Active Directory environments and demonstrating business impact.
- Skills in social engineering/phishing activities, including reconnaissance, developing phishing campaigns, and creating malicious payloads.
- Effective participation in client discussions and meetings, and communicating potential add-on services based on identified weaknesses.
- Proven record of preparing concise and accurate documents and project deliverables.
- Ability to balance project economics with unanticipated issues and create a positive work environment for the team.
Preferred skill sets:
- Expertise in security testing tools like BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect, and tools from Kali Linux.
- Proficiency in common programming and scripting languages such as Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript.
- Deep understanding of well-known cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, and NY-DFS.
- Experience with traditional security operations, event monitoring, and SIEM tools.
- Demonstrated ability to manage engagements, mentor junior staff, and balance project economics.
- Strong documentation skills and proficiency with MS Office and Google Docs.
- Ability to create a positive team environment and manage workloads effectively.
- Proactive in seeking guidance, clarification, and feedback, and keeping leadership informed of progress and issues.
Years of experience required:
3+ years
Education qualification:
B.Tech
Education (if blank, degree and/or field of study not specified)
Degrees/Field of Study required: Bachelor of Engineering
Degrees/Field of Study preferred:
Certifications (if blank, certifications not specified)
Required Skills
Transmission Control Protocol (TCP)
Optional Skills
Desired Languages (If blank, desired languages not specified)
Travel Requirements
Available for Work Visa Sponsorship?
Government Clearance Required?
Job Posting End Date
About Company
PricewaterhouseCoopers (PwC) is a global professional services firm providing audit, tax, and consulting services. PwC helps organizations manage financial risks, comply with regulations, and improve performance through its expertise in industries like finance, healthcare, and technology.