Pen Tester

Apply now »

Date: 23-May-2021

Location: Bangalore, KA, India

Company: Alstom

Req ID:103271 

We create smart innovations to meet the mobility challenges of today and tomorrow. We design and manufacture a complete range of transportation systems, from high-speed trains to electric buses and driverless trains, as well as infrastructure, signalling and digital mobility solutions. Joining us means joining a truly global community of more than 75 000 people dedicated to solving real-world mobility challenges and achieving international projects with sustainable local impact.  

NETWORK & LINKS:

The Selected candidate report to Manager - Cybersecurity Excellence Center and will work with a highly motivated Cybersecurity team involved in vulnerability watch and management, vulnerability assessment, scanning and ethical hacking for Alstom’s solutions and products. The candidate will be positioned at Bangalore Technology Center of Alstom Digital Mobility division.

 

INTERNAL

The candidate will have strong links internally with

  • Program Managers
  • Product / Software Development Teams
  • Alstom IT Organisation

 

EXTERNAL

  • Regional Cybersecurity Managers
  • Platform Cybersecurity Managers
  • Program / Project Cybersecurity Managers
  • Product & Systems Team

 

OVERALL PURPOSE OF THE ROLE:

We are currently seeking individuals interested in helping us to build and maintain a variety of tooling that Alstom uses to maintain and improve our security posture. Penetration Tester is to lead vulnerability assessments for Alstom products and solution, Perform vulnerability scan, policy scan, penetration test and other security assessments. He also performs vulnerability watch and management, alert the Products and Platforms for existing or new Vulnerabilities that could potentially impact them. Maintain the vulnerability management system and ensure SLAs of the vulnerability management process. He will also be part of the incident response team (PSIRT), perform first level of analysis and participate in vulnerability remediation workflow.

 

RESPONSIBILITIES:

The Pen Tester perform the following activities:

  • Lead a team of Cybersecurity Engineers and responsible for the Penetration Test, Vulnerability scan, Policy Compliance scan and Web Application scan with the help of tools like Qualys or any other industry standard tools and provide the analysis to the programs/projects.
  • Lead a team of Cybersecurity Engineers and responsible for the Penetration test  to evaluate the security by safely trying to exploit vulnerabilities that may exist in OS, services, application flaws, improper configurations or risky end-user behaviour.
  • Perform vulnerability watch on Alstom’s solution and projects and alert the responsible teams for existing or new Vulnerabilities that could potentially impact them.
  • Monitor published vulnerabilities and security advisories globally and provide communications on discovered vulnerabilities or security threats to internal groups
  • Identify required Cybersecurity tools and practices. Provide documentation and training/guidance to the users of the tool and secure the deployment
  • Provide internal training on Cybersecurity, vulnerability management process and tools.

 

Qualifications & Skills:

Prior experience in vulnerability assessment, vulnerability management and application security or demonstrated security experience in either a forensic or an offensive security focused role. Minimum 8 years of experience in performing vulnerability scan, pen tests/vulnerability assessments and vulnerability management, desirable from product development or industrial control system background. Preferable to have from Railway Cybersecurity domain.

 

EDUCATION

  • Bachelors or Masters in Computer Science, Information Technology or equivalent
  • ISA 62443 certification and/or ECSA and OSCP certifications preferred.
  • Desirable to have Cybersecurity certification in any one or few of GICSP, CISSP, GSEC, CEH, CISM, and Comptia Pen test+.

 

 

BEHAVIORAL COMPETENCIES:

  • Have prior team management experience and as Wells as a  string individuel Player.
  • Be Innovative and be aligned to new technologies, methods and tools
  • Demonstrate excellent communication skills and able to guide, influence and convince others in a matrix organization.
  • Prior experience in working with European customer is desirable.                                              

 

 

TECHNICAL COMPETENCIES & EXPERIENCE 

  • Having good experience  and able to work independently on atleast few of security tools (Qualys, Kali Linux, Nessus, Netsparker, OpenVAS, Nexpose, Wireshark, Metasploit, IBM AppScan, HP Webinspect, NTO Spider Burp, SQLmap, nmap, fuzzers, password recovery tools and other penetration testing tools)
  • Strong experience in performing penetration tests and/or vulnerability assessments on products, web applications and networks.
  • Prior knowledge of security assessment on SCADA and IOT devices.
  • Under standing of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming / Scripting languages (C, Java, Python, Shell)
  • Excellent knowledge on configuration review of Linux, Windows and Network devices with respect to CIS Benchmark
  • Experience with static analysis tools and software composition analysis tools
  • Knowledge of Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE) and Common Weakness Enumeration (CWE)
  • Considerable knowledge on programming languages (e.g. Java, C, C++, C#.NET, Scripting languages)
  • Knowledge of some security solutions and areas, such as: BRP / DRP, GRC, IAM, DLP, PKI, SOC, IDS / IPS, SAP, security, etc.
  • A strong understanding of technologies and associated protocols such as HTTPS, TLS, DNS, SSL etc.
  • Main standards and regulations such as: ISO 2700X, ISA 62443 and NIST..
  • Experience presenting to or training technical audiences a plus.
  • A technical writing experience is a plus.

 

EXPERIENCE / SKILL SET

  • Manual Penetration Testing and Application Security Testing skills
  • Platform - Kali Linux, Windows, CentOS, Red Hat
  • Discovery: Netdiscover, nmap, masscan
  • Services: Nmap, masscan
  • Enumeration: enum4linux, smbclient
  • Application Layer Testing: DirBuster, Nikto
  • Exploitation: Hydra, MetaSploit, SQLMap
  • Vulnerability scan, Web App scan, Policy compliance scan: Qualys, Tenable
  • Web Scanners: Qualys, NetSparker, Acunetix, Burpsuite Pro
  • Network Scanners: Qualys, Nessus

 

  • Language Skills: Proficient in English language
  • IT Skills: MS office tools (Word, Excel, PowerPoint), Visio.

An agile, inclusive and responsible culture is the foundation of our company where diverse people are offered excellent opportunities to grow, learn and advance in their careers.  We are committed to encouraging our employees to reach their full potential, while valuing and respecting them as individuals.   

 

 

Job Type:​Experienced​


Job Segment: ERP, Mainframe, Product Development, SAP, Testing, Technology, Research