Website Royal Dutch Shell

IRM Cyber Defense – Threat & Vulnerability Manager – Penetration Test

Bangalore

72654BR

Job Description

Lead Penetration Tester
The lead penetration tester will play a key role in providing technical leadership for penetration testing of applications, infrastructure and various technologies such as Cloud, IoT and mobile, as well as red teaming exercises and upcoming technologies. This role will also be responsible for conducting simulated attacks on networks, firewalls, operating systems and web applications.
Lead stakeholder management, reporting of vulnerabilities in a timely fashion and mentoring of other penetration testers. Being able to identify and prioritize vulnerabilities, report on the findings and review them effectively so that the identified vulnerabilities are mitigated is also part of the role. Because the role deals with a range of internal and external stakeholders, it is important that anyone in this role is as comfortable with the technical aspects as with communicating them.

 Job Responsibility

  • To lead in Security Testing related activities, providing technical assessment of scope, principal security concerns and testing methodology to relevant stakeholders, including face-to-face meetings when requested
  • Drive the planning and execution of penetration tests based on new IT developments and operational services and relevant threat scenarios; plan, scope, execute and report on attack, penetration tests & red teaming for new IT developments and realistic threat scenarios.
  • Is capable of and passionate about researching vulnerabilities, can find new vulnerabilities and attack vectors, can customize attacks by writing custom exploits and creating payloads, and is dexterous at writing customized tools and scripts.
  • Report on findings, fixing high risk vulnerabilities as soon as possible and registering other vulnerabilities for later risk prioritization and remediation.
  • Help create prioritized overviews of Cyber vulnerabilities and put these in the context of IT services and Business applications.
  • Setting up and leading red/blue/purple teaming capabilities blended with social engineering skills.
  • Act as a Subject Matter Expert on the implications of identified vulnerabilities in IT systems and on establishing the priority of applying required remediation; is passionate about leading, teaching, presenting and inspiring the wider team.
  • Leader of the community for security practitioners, involved in reviewing and writing full and thorough reports for each engagement that show quick and constant improvement, based on comments from QA and peers.

Company Description

Shell began operations in India more than 80 years ago. At Shell India, we invest in our people through our industry-leading development programmes, which see our employees thrive and gain access to experts on a local and global level. To date, we have invested more than US$ 1 billion already in India’s energy sector alone, in socially and environmentally responsible ways. Shell is the only global major to have a fuel retail license in India.

Shell has established a new IT hub in Bangalore, and plans to scale it up over a five-year period. The purpose of the IT Hub is to enable the Business by focusing on business outcomes, delivering fit-for-business technology solutions which enable business agility and profitable growth.

Country of Work Location

India

City, State (if applicable)

Karnataka

Requirements

Experience and Qualifications required

  • Has at least 10+ years’ experience in IT security and preferably 7+ years’ experience in attack and penetration testing/ethical hacking or technical IT audits.
  • Demonstrated deep technical penetration testing on IT infrastructure, web applications, mobile platforms and red teaming
  • Is an expert in IP networks and operating systems such as Windows and Unix/Linux.
  • A creative and responsible IT security professional. Has excellent analytical skills and appreciates a technical challenge.
  • Has excellent written and verbal communication skills and is able to work with technical experts in the industry as well as connect with business stakeholders at a non-technical level.

Tools/ Technology/ Applications experience or certifications –

  • tcpdump, wireshark, nmap, nessus, metasploit and/or commercial tools such as Rapid7, Qualys. Programming languages such as Perl, Python, C, C++, VBS, Java and analytical and reporting tools such as Excel, SharePoint and preferably Splunk.
  • Any certifications such as CISSP, SANS and preferably: GIAC Penetration Tester (GPEN), SEC 560: Network Penetration Testing and Ethical Hacking, SEC 542: Web App Penetration Testing and Ethical Hacking, GWAPT: GIAC Web Application Penetration, Offensive Security Certified Professional – OSCP Certification, Offensive Security Wireless Professional – OSWP Certification, Offensive Security Certified Expert – OSCE Certification, Offensive Security Exploitation Expert – OSEE Certification, Offensive Security Web Expert – OSWE Certification

No. of Positions

1

Disclaimer

Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date.

Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Royal Dutch/Shell Group companies around the world.

The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand.

Shell is an Equal Opportunity Employer.