Vulnerability Assessment & Penetration Testing Analyst
Gurgaon, India
Applications have closed
Milliman
Discover your path at Milliman. Learn about our uniquely independent company culture and find opportunities in the actuarial profession, risk management, software development, marketing, and more.
Job Summary:
We are seeking a highly skilled Vulnerability Assessment and Penetration Testing (VAPT) Analyst in a GCS India IT team with a minimum of 4 years of experience in the Application Security field. The ideal candidate will possess a comprehensive understanding of application penetration testing, secure Software Development Life Cycle (SDLC) design, and a robust knowledge of Vulnerability Management. The position involves performing application security assessments, assisting with security best practices, and conducting thorough Vulnerability Assessments and Penetration Testing.
Primary Duties & Responsibilities:
- Conduct application-level penetration testing, as well as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), to identify vulnerabilities.
- Perform secure code reviews and contribute to secure SDLC design to ensure the development of resilient applications.
- Identify and exploit vulnerabilities in applications and infrastructure to simulate real-world cyber threats.
- Execute Vulnerability Management (VM) plans, coordinating, monitoring, and supporting activities related to security patching, configuration management, and attack surface management.
- Facilitate and coordinate vulnerability assessments and scans, review assessment results, and oversee remediation activities for network and infrastructure devices.
- Configure and maintain regular and ad-hoc vulnerability scans against internal and external IT infrastructure.
- Demonstrate proficiency in standards such as ISO 27001, PCI DSS, NIST, and OWASP to ensure compliance and adherence to best practices.
- Utilize tools such as BurpSuite, Nessus, NMap, Kali Linux, and Qualys for effective vulnerability assessment and penetration testing.
- Develop and maintain detailed technical documentation, including design documents, test plans, project plans, and procedures.
- Collaborate with stakeholders to plan, track, schedule, and execute assessments effectively.
- Utilize problem-solving, planning, and analytical skills to drive continuous improvement in VAPT processes.
- Interact with stakeholders in a collaborative manner to deliver results, provide feedback, and offer remediation recommendations based on findings.
- Demonstrate excellent analytical, communication, and problem-solving skills in all aspects of the role.
Required Skills & Attributes:
- Minimum of 4 years of experience in Application Security, Vulnerability Assessment, and Penetration Testing.
- In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies.
- Strong experience in conducting application-level testing using SAST and DAST techniques.
- Proficiency in vulnerability management processes and tools such as Qualys and Nessus.
- Familiarity with industry standards and frameworks such as ISO 27001, PCI DSS, NIST, and OWASP.
- Hands-on experience with penetration testing tools like BurpSuite, NMap, Kali Linux, etc.
- Excellent written and verbal communication skills, with the ability to convey technical concepts to both technical and non-technical stakeholders.
- Proven ability to work collaboratively in a team environment and independently when required.
Required Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or another related field.
- Relevant certifications such as CEH, OSCP, CISSP, or equivalent are preferred.
Tags: Application security Burp Suite CEH CISSP Compliance Computer Science DAST Exploit ISO 27001 IT infrastructure Kali Linux Monitoring Nessus NIST Nmap OSCP OWASP PCI DSS Pentesting Qualys SAST SDLC Security assessment Vulnerabilities Vulnerability management Vulnerability scans