Penetration Tester

Description

Job Title: Penetration Tester

Company Name: Sony India Software Centre

Job Description

Sony India Software Centre is seeking a skilled and motivated Penetration Tester to join our dynamic cybersecurity team. The ideal candidate will have a strong background in ethical hacking and vulnerability assessment, with a passion for identifying and addressing security weaknesses in various systems and applications.

Key Responsibilities

• Conduct thorough penetration testing on applications, networks, and systems to find vulnerabilities that could be exploited by cyber attackers.
• Collaborate with development teams to understand the technical architecture and identify potential security risks.
• Develop detailed reports outlining findings from penetration tests, including risk assessments and remediation recommendations.
• Stay updated on the latest security trends, vulnerabilities, and attack vectors to enhance testing methodologies.
• Assist in the overall security assessment process, including threat modeling and security audits.
• Participate in security incident response and remediation activities when needed.
• Provide training and knowledge sharing with team members regarding security best practices and findings.
  
  

Qualifications

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• Relevant certifications such as CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or equivalent are preferred.
• A minimum of 3 years of experience in penetration testing or a related cybersecurity role.
• Proficiency in using penetration testing tools such as Burp Suite, Metasploit, Nessus, and others.
• Strong understanding of networking protocols, web application architectures, and operating systems.
• Excellent problem-solving skills and attention to detail.
• Effective communication skills, both written and verbal, to articulate security issues clearly to non-technical stakeholders.
  
  

If you are passionate about cybersecurity and eager to contribute to protecting Sony's digital assets, we encourage you to apply for this exciting opportunity.

Department

SIE - Product Security

Open Positions

1

Skills Required

Penetration Testing, Network Penetration Testing, Application Security Testing

Role

• Experience in the range of 4-6 years. Work timings being 7 30 AM- 4 30 PM (General Shift).
• Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network.
• Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
• Work closely with application, network and infrastructure teams when performing tests against new or existing systems
• Use manual techniques to exploit identified vulnerabilities like cross-site scripting, SQL injections, session hijacking and buffer overflows to obtain controlled access to target systems
• Validate vulnerability assessment results where appropriate, prioritize the remediation requirements and work with network, infrastructure and desktop teams to address security problems
• Perform exploit analysis for identified vulnerabilities manually, with custom scripts or use tools such as Metasploit
• Work closely with the application development teams, technology teams and the other members of the Information Security team to identify and remediate security issues as part of Incident Response
• Be a part of the SDLC process for testing of new application systems/infrastructure
• Participate in multiple organizational areas such as security architecture and design, service delivery, training and client communication.
• Configure and educate on the use vulnerability assessment scanners (ex: Qualys, Nessus, Nmap, Metasploit, Snort, Nexpose, etc)
• Create, maintain and report metrics that measure effectiveness of various security controls.
• Document areas of significant exposure to information systems and recommend solutions.
• Develop and maintain a formal reporting process highlighting results, conclusions, and recommendations which can be viewed by peers and senior management
• The ability to articulate risks and findings to management
• Experience in preparing a security threat model and associated test plans.
• Experience in translating the complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results.
• Knowledge of current information security threats. Good understanding of coding best practices and standards.
• In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred.
• Excellent communication skills both written and verbal.
• Critical thinking and good problem-solving abilities.
• Organized in planning and time management skills are preferred.
• Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable.
  
  

Location

Bengaluru

Education/Qualification

B.E

Desirable Skills

Application Security Testing (Manual)

Years Of Exp

4 to 6 years

Designation

Penetration Tester