‘Fingers on keyboard’ experience conducting “manual” penetration testing in web, mobile (Both Android & iOS) and thick client testing domains. (Recommended to have expertise in more than 1 domain)
Qualification/ Personal Attributes
Qualification
Bachelor's Degree in a related Cybersecurity/IT/Computer Science field. OSCP, OSCE, SANS GPEN, GXPEN, CRTE, CPSA, CRT or CEH certified.
Experience
Minimum 4-6 years of experience in Cyber Security Penetration Testing.
Network and Application security
OWASP Top 10, SANS 25, MITRE CWE, CVE, secure code review (Two mandatory, more than two will be advantage).
Proficient in coding in one or more Programming languages, especially for scripting (Python, BASH, JavaScript, Ruby, Perl)
OWASP and SANS Testing Methodologies
Threat modelling (STRIDE)
Basic reverse engineering skills (Familiarity with IDA Free, Ghidra, etc.) Basics of ARM exploitation.
Cryptography and certificate management practices
IoT Hardware debugging (preferably Firmware)
Experience working in public cloud environment (Azure, GCP etc.)
Overall knowledge of Secure Development Lifecycle. (SAST, DAST, IAST).
Familiarity working with Linux, Windows, and MacOS environments.
Strong understanding of infrastructure/cloud architecture. This will include using security Tools, manual testing etc.
Knowledge of TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred.
Ability to develop detailed PoCs, train product team and promote security awareness through Agile Methodologies.
Good understanding of emerging technologies such as IoT and 5G.
Good in exploit writing.
Skills & Attributes
Problem-solving skills with a sharp analytical mind
Capability to collaborate with cross functional teams/3rd parties
Understanding the business side of the application
An ardent researcher of market trends and technology evaluation
Job Description
Responsibilities
Perform advanced Penetration tests on applications (Web, Mobile App – Android & iOS), APIs, IoT devices, Device firmware and Cloud Infrastructures.
Perform exploit and vulnerability research on Luminous software and Firmware products.
Research fuzz testing tools and conduct penetration test on a variety of products via communication interfaces such as Modbus, Wi-Fi, Bluetooth, and others.
Perform White/Black /Grey Box security testing.
Identify and analyze complex security vulnerabilities and threats through social engineering attacks and manual testing.
Assess network architecture, configurations for security vulnerabilities.
Contribute to the development of innovative security testing methodologies and Tools.
Research and experiment with different types of attacks.
Ability to perform malware analysis.
Document security and compliance issues.
Automate common testing techniques to improve efficiency.
Write technical and executive reports.
Communicate findings to both technical staff and executive leadership.
Validate security improvements with additional testing.
Tools:
Kali Linux: Popular pen-testing operating system
Nmap: Port scanner for network discovery
Wireshark: Packet sniffer to analyze traffic on your network
John the Ripper: Open-source password cracker
Burp Suite Pro, OWASP ZAP: Application security testing tools.
Nessus: Vulnerability assessment tool
Ghidra, FAT, Binwalk, VirusTotal: Firmware and Malware Analysis Tool.
MoBSF, Gennymotion, ZED Attack proxy: Mobile App scanning Tools.
About Luminous
Luminous Power Technologies, a leader in power solutions, is a 31-year-old company which started as a small venture. Now on its brand transformation journey, its mission is to become a name synonymous with all-encompassing home electrical, power backup and residential solar solutions and create millions of happy homes in India.
Today, Luminous is already a powerful, trustworthy brand name in 100 million Indian homes, In the course of this successful journey, it has embraced the core values of reliability, consistency, longevity and the highest standards of integrity along with dynamic ideas and innovation. Its consumer-centric focus has led Luminous into new categories to deliver excellence in every product and home solution it offers.
With 7 manufacturing units, more than 28 sales offices in India and presence in over 36 countries our 6000 employees serve more than 60,000 channel partners and millions of customers. Our motto has always been Customer Delight through Innovation & Passion with focus on Execution & Team-work. At Luminous, we passionately innovate to make life comfortable and efficient.
Luminous is a group company of Schneider Electric, a global leader in energy management with presence in over 100 countries, 1.5 lakh people and a revenue of Rs. 2 lakh crore.
