Company: VGreenTEK
Location: Kochi, Kerala, India
LinkedIn post


Penetration Tester (Red Team)

100% Remote 

Must be local to Kerala

Must have 4-6 years of Relevant Experience

18-24 Months Contract

Shift: 2 PM to 10 AM

Overview:

As a Penetration Tester, you will play a critical role in evaluating the security posture of the organization through simulated cyber attacks. Your expertise will help identify vulnerabilities and enhance the overall security measures in place. This role requires a deep understanding of attacker tactics, techniques, and procedures (TTPs) to effectively simulate real-world threats.

Key Responsibilities:

Simulated Cyber Attacks:

Conduct simulated attacks against the organization's infrastructure, emulating the TTPs of real-world attackers. This involves exploiting vulnerabilities in systems, applications, and networks to gain unauthorized access and extract sensitive information.

Vulnerability Assessment:

Identify and assess vulnerabilities in IT assets, including servers, databases, web applications, and network devices. Utilize automated scanning tools, manual testing techniques, and exploit frameworks to uncover security flaws.

Exploitation and Post-Exploitation:

Exploit identified vulnerabilities to gain access to target systems. Conduct post-exploitation activities, including privilege escalation, lateral movement, and data exfiltration, to demonstrate the potential impact of actual cyber attacks.

Social Engineering:

Employ social engineering techniques, such as phishing, pretexting, and physical intrusion, to test the effectiveness of the organization's security awareness training and employee vigilance.

Reporting and Recommendations:

Document findings in a comprehensive penetration test report, detailing exploited vulnerabilities and compromised systems. Provide actionable recommendations for remediation and improvement of security posture.

Collaboration with Blue Team:

Work closely with the Blue Team to coordinate penetration testing activities. Share insights into discovered vulnerabilities and attack techniques to enhance defensive controls and incident response capabilities.

Continuous Learning and Skill Development:

Stay current on the latest security threats, attack techniques, and defensive strategies. Engage in ongoing training, pursue certifications, and participate in industry events to continuously enhance technical skills and expertise.

Certifications (Preferred):

  • Certified Ethical Hacker (CEH)
  • GIAC Penetration Tester (GPEN)
  • Certified Penetration Tester (CPT)
  • Offensive Security Certified Professional (OSCP)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Expert Penetration Tester (CEPT)
  • Certified Red Team Operator (CRTOP)
  • EC-Council Certified Security Analyst (ECSA)

Technical Skills:

  • Proficient in penetration testing tools and frameworks (e.g., Metasploit, Burp Suite, Nmap).
  • Experience with scripting and programming languages (e.g., Python, PowerShell).
  • Knowledge of network protocols and security mechanisms.
  • Familiarity with web application security vulnerabilities (e.g., OWASP Top Ten).
  • Understanding of security controls and best practices.