Job Title: Offensive Security Engineer (Ransomware Penetration Testing)

Duration: Full time role

Location: Hybrid (Pune)

NOTE: Need at least 5 years of exp in Pen testing

NOTE: Need at least 5 years of exp in Pen testing

NOTE: Need at least 5 years of exp in Pen testing

Job Description:

Responsibilities:

• Execute complex Red Team engagement as a penetration tester, simulating real-world ransomware / malware attacker scenarios to uncover critical vulnerabilities
• Identify, research, and exploit various vulnerabilities (including zero-days) to gain unauthorized access to systems and data.
• Develop custom tools, scripts, and exploit code.
• Document findings in a clear, concise, and actionable manner, including detailed reports with working proofs of concept and recommendations for remediation and product improvements
• Collaborate with the Blue Team (engineering and QA)to prioritize vulnerabilities, develop mitigation strategies, and improve overall security posture through tangible requirements
• Participate in knowledge sharing by mentoring junior team members and presenting findings, including opportunities to document reports for external consumption

Qualifications:

• Minimum 5+ years of experience in offensive security engagements.
• Proven experience in participating in Red Team engagements.
• Expertise in various operating systems (Mac, Linux, etc.) and scripting languages (Python, Ruby, etc.).
• Coding skills to automate tasks, customize attacks, and create payloads
• Solid understanding of networking concepts, such as TCP/IP, DNS, HTTP, FTP, SMTP, and VPN.
• Hands-on knowledge on how to use network analysis tools, such as Nmap, Wireshark, and Metasploit, to scan, sniff, and exploit network services and protocols. Ability to discover and map network devices, identify open ports and services, and bypass firewalls and other security measures.
• System knowledge . Good understanding of OS concepts
• Experience with exploit development and post-exploitation techniques.
• Strong understanding of the threat landscape and attacker motivations.
• Well-versed in security principles, such as encryption, authentication, authorization, and access control.
• Good knowledge of malwares , ransomwares , APTs , Trojans and how they work.
• Ability to think outside the box, and come up with innovative and unconventional ways to break into a system or network.
• Excellent communication, collaboration, and problem-solving skills.