· Conduct Breach and Attack Simulation (BAS) activities to identify risks and vulnerabilities and to check the effectiveness and scoring of security defenses.
· Identify high-risk applications from the customer portfolio whose requirements need consideration for security assessments, such as business-critical, crown-jewel, and data-sensitive systems (e-commerce, CMS, payroll applications, etc.).
· Conduct penetration tests on internal applications using black-box and grey-box methods. This involves scanning and crawling the application, analyzing tool outputs, and manually testing to identify and report vulnerabilities against the OWASP Top 10.
· Conduct BloodHound assessments to find Active Directory misconfigurations and permission issues, i.e., ACL permissions, excessive local admin rights, targetable users and computers, misconfigured service accounts, password policy, etc.
· Conduct sensitive information hunting using the OSINT framework and internal file share assessments to prevent internal information disclosure.
· Create SOP documents for offensive security activities.
· Provide recommendations and track vulnerabilities to closure.
· Gather details on the scope of work for network subnets and the list of applications, and formulate a detailed plan on a quarterly basis for necessary approvals.
· Notify the team to perform daily external black-box network and web application penetration testing.
· Conduct automated and manual network penetration testing on designated subnets using tools such as Tenable Nessus Professional, Nmap, Metasploit, manual scripts, Kali Linux Tools, and other open-source tools available on GitHub.
· Prepare comprehensive security vulnerability reports, provide walkthroughs of the reports, and revalidate the identified vulnerabilities.
· Create quarterly executive summaries and dashboards for presentations, ensuring coordination and communication across various lines of business owners.
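As an added illustration of the internal file share assessment listed above (example code written for this page, not the candidate's own tooling), the script below walks a directory tree that stands in for a mounted share, flags files by sensitive file name and by content patterns (private keys, password assignments, cloud access keys, connection strings), and produces redacted findings suitable for a report. The share path, the skip list and the regular expressions are assumptions to be tuned per environment; the sample files it builds are constructed for the demo.

```python
"""Sensitive-information hunting over a mounted file share.

Added example, not from the original page. Assumes the share is already
mounted at a local path (for example via SMB) and that the hypothetical
patterns below have been tuned for the target environment.
"""
import os
import re
import tempfile
from dataclasses import dataclass

# Content patterns a practitioner typically starts with (hypothetical,
# deliberately conservative; extend per environment). Each is applied per line.
CONTENT_PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*\S+"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "connection_string": re.compile(r"(?i)\b(?:server|data source)=[^;]+;.*?(?:password|pwd)=[^;]+"),
}

# File names worth reporting even when the content regexes miss.
NAME_PATTERNS = re.compile(
    r"(?i)(?:\.pem|\.ppk|id_rsa|web\.config|\.env|unattend\.xml|passwords?\.(?:txt|xlsx|docx))$"
)

SKIP_EXT = {".exe", ".dll", ".iso", ".zip", ".jpg", ".png", ".mp4"}  # assumed binary types
MAX_BYTES = 2 * 1024 * 1024  # skip very large files; tune as needed


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str
    line_no: int   # 0 when the hit is on the file name rather than its content
    excerpt: str   # redacted snippet, safe to put in a report


def redact(match_text: str) -> str:
    """Keep enough to locate the hit without copying the secret into the report."""
    if len(match_text) <= 12:
        return match_text[:4] + "..."
    return match_text[:12] + "..."


def scan_text(text: str, path: str) -> list[Finding]:
    """Run every content pattern over each line of a file's text."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in CONTENT_PATTERNS.items():
            m = pattern.search(line)
            if m:
                findings.append(Finding(path, kind, line_no, redact(m.group(0))))
    return findings


def scan_tree(root: str) -> list[Finding]:
    """Walk the share, flag sensitive file names, then scan readable text files."""
    findings: list[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if NAME_PATTERNS.search(name):
                findings.append(Finding(path, "sensitive_filename", 0, name))
            if os.path.splitext(name)[1].lower() in SKIP_EXT:
                continue
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    findings.extend(scan_text(fh.read(), path))
            except OSError:
                continue  # unreadable file: log it separately on a real engagement
    return findings


def demo() -> dict[str, int]:
    """Build a constructed sample share in a temp dir, scan it, count hits by kind."""
    with tempfile.TemporaryDirectory() as share:
        samples = {  # constructed sample content, not real data
            "IT/web.config": '<add connectionString="Server=db01;Database=payroll;User Id=svc_payroll;Password=Hunter2;" />\n',
            "IT/backup/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed-not-a-real-key\n-----END OPENSSH PRIVATE KEY-----\n",
            "Finance/notes.txt": "reminder: vpn password: Winter2024!\n",
            "HR/policy.txt": "All staff must complete security awareness training annually.\n",
            "Marketing/logo.png": "binary placeholder",
        }
        for rel, content in samples.items():
            full = os.path.join(share, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(content)
        counts: dict[str, int] = {}
        for f in scan_tree(share):
            counts[f.kind] = counts.get(f.kind, 0) + 1
        return counts


if __name__ == "__main__":
    print(demo())
```

Findings carry only a redacted excerpt so the report itself does not become a second copy of the disclosed secret; a real engagement would add an allow-list for known test fixtures and record unreadable paths as their own finding class rather than silently skipping them.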
Knowledge in:
Awards and Rewards: