Position: Application Security Engineer - Red Teaming and Ethical Hacking Specialist - L2.
Location: Navi Mumbai (CBD Belapur).
Experience Required: 5 to 8 Years.
Mandatory Skills: Red Teaming and Ethical Hacking.
Role Objective:
The L2 Specialist shall execute advanced penetration testing and red team engagements and provide technical support to the Level 3 Lead.
Key Responsibilities:
- Execute multi-stage adversary simulations.
- Perform Active Directory exploitation and internal network pivoting.
- Conduct web application penetration testing aligned to Open Web Application Security Project standards.
- Conduct mobile application security testing for Android and iOS.
- Perform vulnerability assessment and follow-up remediation validation.
- Validate detection capabilities of Endpoint Detection and Response and Security Information and Event Management systems.
- Conduct Deep Web and Dark Web monitoring related to the Bank's attack surface.
- Participate in Blue Team exercises.
- Log findings and track closure in the incident management portal.
Technical Skills Required:
- Strong expertise in:
  - Privilege escalation and credential harvesting.
  - Lateral movement techniques.
  - Web Application Firewall evasion concepts.
- Secure code review basics.
- Experience using tools including: Cobalt Strike, Metasploit Framework, Mimikatz, BloodHound, Burp Suite, Nmap, Nessus and Impacket.
Educational Qualification:
- Bachelor's degree in Computer Science, Information Security, or Engineering (BSc-IT/CS, BE/B.Tech./BCA).
Essential Certifications (Minimum Two Required):
One of the certifications must mandatorily be:
- Offensive Security Certified Professional issued by Offensive Security.
Additionally, at least one of the following:
- GIAC Penetration Tester.
- Certified Red Team Professional.
- Licensed Penetration Tester issued by EC-Council.
- GIAC Web Application Penetration Tester.
Working Conditions:
- Full-time onsite at Navi Mumbai, CBD Belapur.
- Six working days per week.
- Mandatory working on all Bank working Saturdays.
- Minimum 24 working days per month.
- Availability for extended hours during simulation exercises.