Website:
sonyindiasoftware.co.in
Job details:
Sony India Software Centre (SISC), is seeking
Sr. Penetration Testing engineer to join the InfoSec division under Sony India Software Centre
Job Responsibilities:
Role Summary: Lead advanced penetration testing engagements, vulnerability assessments and threat modeling across diverse digital ecosystems.
- 8 to 10 years of relevant experience in Security Assessment.
- Scope assessment: Define clear technical boundaries for client engagements.
- Full-stack assessment: Execute hands-on Web App, Mobile, API, Network and Cloud penetration tests.
- White-box analysis: Perform Static Application Security Testing (SAST) and code reviews to locate deep logical flaws.
- Methodology alignment: Conduct all assessments in strict accordance with OWASP Top 10, OSSTMM frameworks, etc.
- Tool proficiency: Master commercial and open-source tooling including Burpsuite Professional, Qualys, Invicti, Nmap, Kali Linux, Metasploit, etc.
- Architecture modeling: Build comprehensive security threat models and design structured, risk-based test plans.
- Scripting proficiency: Develop custom exploits using Python, Go, Bash etc…
- In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred.
- Threat intelligence: Maintain up-to-the-minute knowledge of modern threat actor tactics, techniques, and procedures (TTPs).
- Technical translation: Translate highly complex vulnerabilities into clear, actionable procedures for sysadmins and developers.
- Executive reporting: Deliver articulate written reports and verbal briefings tailored for non-technical management stakeholders.
- Project ownership: Demonstrate rigorous organization, time management and critical thinking while managing multiple client timelines.
- Build repeatable, template-driven processes for rapid delivery
- Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) or Certified Red Team Professional (CRTP) is desirable.
Key Responsibilities:
- Maintain a good relationship with key stakeholders in business, IT, Application & ISO teams to deliver on security requirements timely and effectively.
- Operate a hands-on role involving penetration testing and vulnerability assessment activities of all types of applications, networks, Cloud environments, Web services/APIs and mobile applications/devices.
- Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk.
- Produce actionable, threat-based reports on security testing results.
- Stay abreast of newer trends in tools and technologies used for Pen Testing services.
Soft Skills:
- Excellent English language communication skills, both verbal and written. Cross-cultural etiquettes, customer-centric and collaborative mindset.
- Works autonomously within established procedures and practices.
- Good command on stakeholder management, judgement, conflict resolution, risk & mitigations.
- Provide leadership to the global team at strategic, tactical and operational level.
Web App,Mobile,API,Network and Cloud penetration tests.,Static Application Security Testing (SAST) and code reviews
Sony India Software Centre (SISC), is seeking
Sr. Penetration Testing engineer to join the InfoSec division under Sony India Software Centre
Soft Skills:
- Excellent English language communication skills, both verbal and written. Cross-cultural etiquettes, customer-centric and collaborative mindset.
- Works autonomously within established procedures and practices.
- Good command on stakeholder management, judgement, conflict resolution, risk & mitigations.
- Provide leadership to the global team at strategic, tactical and operational level.
Click on Apply to know more.