The point where experts and best companies meet

Limitless High-tech career opportunities - Expoint

IBM Security Consultant - Penetration Testing
India, Karnataka, Bengaluru
781581864

29.07.2024

Your Role and Responsibilities
Product Transformation Centre is responsible for ensuring that IBM products are secure by conducting timely Security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design.

Key responsibilities

Plan the penetration test
Select, design and create appropriate tools for testing
Perform the penetration test on computer systems, networks, web-based and mobile applications
Document your methodologies, findings
Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs.
Review your findings and feedback to development teams
Analyse the outcomes and make recommendations for security improvements
Carry out application, network, systems and infrastructure penetration tests
Review physical security and perform social engineering tests where appropriate
Evaluate and select from a range of penetration testing tools
Keep up to date with latest testing and ethical hacking methods
Deploy the testing methodology and collect data
Report on findings to a range of stakeholders
Make suggestions for security improvements
Enhance existing methodology material

Required Technical and Professional Expertise

Experience – 4 to 8 years in Cybersecurity
Web Application Testing
Basic understanding of HTTP Protocol
HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc.
Basic understanding of HTML/JavaScript
Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities

Automated Testing

Must have knowledge of at least one of IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools.)
Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc…) to perform successful scan.
Assessment of scanner results and intelligently identifying false positives from the scan results.
Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender.

Manual Testing.

Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing.
Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing.
Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities.

Preferred Technical and Professional Expertise

Webservice Testing
SOAP/REST APIs testing.
Configuring cURL commands and POSTMAN tool to capture the request in automated scanner.

Network Testing

Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc.
Basic understanding of network devices like router, switches, firewall/IDS/IPS etc..
Network scanning tools such as Nessus, Nmap, Metasploit etc.
Exploitation and Post Exploitation of network vulnerabilities.
Threat Model and Source code security scanning
Perform/Participate in threat model creation/design or review
Perform source code security scanning using (SAST) tools like IBM AppScan, Contrast and other popular open-source tools.