Security Engineer - VAPT

Security Engineer-Offensive Operations (Penetration Tester) 

Location: Bangalore 

What is Muthoot FinCorp ONE? Muthoot FinCorp ONE, is a fintech startup, building a financial ecosystem where customers can access relevant and reliable digital services across an expansive range of digital financial products in segments like Lending, Saving & Investment, Protection, and Remittance. Our products are designed to ensure a simple, reliable, and responsive financial environment for our customers. Envisioned to be the most trusted financial service provider, our app has an easy-to-use interface aimed to enhance user experience and comfortable navigation. Our promoter, Muthoot FinCorp Ltd., is one of the most reputed names in the Fintech industry and has the customers' trust in diverse segments like Financial Services, Automotive, Hospitality, Alternate Energy, Real Estate, and Precious Metals. In our quest to build teams across diversified domains, we recently acquired Paymatrix, an award-winning start-up founded in 2016. It has helped us venture into rent and rent-related payments and other vendor payments using credit cards. Currently, we are working on transforming Paymatrix into a Virtual POS platform. Muthoot FinCorp ONE believes in an ownership driven startup culture, where cumulative success is paramount, and each team member is valued and nurtured. What can you expect? Build the future, Today - Build for scale in an ever-expanding marketplace Attractive compensation - Attractive salaries and benefits & Perks & - Wholesome well-being and personal satisfaction Work with the brightest minds in the industry - Premium colleges, great pedigree and amazing teams Dynamic work environment: Stable yet exciting - Constant challenges that test the best in you

Fast-paced growth - Wide exposure, and terrific mentors to accelerate professional growth

Responsibilities:

▪ Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices

▪ Develop and maintain security testing plans for internal environments and vendors

▪ Automate penetration and other security testing on networks, systems and applications

▪ Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk

▪ Produce actionable, threat-based, reports on security testing results

▪ Conduct security audits and legal cyberattack simulations & purple team exercises

▪ Modify open source tools for usage

▪ Provide recommendations based on an assessment of hardware and software systems

▪ Validate bug bounty requests

▪ Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and discuss remediation

▪ Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors, and regulators

▪ Implement solutions to enhance data security

▪ Other systems security tasks as defined by Management.

Qualifications:

▪ Previous working experience as a Penetration Tester for 3 years

▪ In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Rust, Go, C, C#, Ruby, Python, PowerShell)

▪ Hands on experience with testing frameworks such as the PTES and OWASP

▪ Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, and cloud infrastructure such as AWS, Azure, or Google Cloud

▪ Critical thinker and problem solver

▪ Excellent organizational and time management skills

▪ Excellent documentation skills

Preferred Certifications:

▪ TCM Security PNPT or equivalent

▪ eLearnSecurity eCPPT or equivalent

▪ eLearnSecurity eJPT or equivalent

▪ AWS Security Speciality or equivalent