Since 2012, we have built the market-leading cloud security company and an award-winning culture powered by hundreds of employees spread across offices in Santa Clara, San Francisco, Seattle, Bangalore, London, Melbourne, and Tokyo. Our core values are openness, honesty, and transparency, and we purposely developed our open desk layouts and large meeting spaces to support and promote partnerships, collaboration, and teamwork. From catered lunches and office celebrations to employee recognition events and social professional groups such as the Awesome Women of Netskope (AWON), we strive to keep work fun, supportive and interactive. Visit us at Netskope Careers and follow us on Twitter @Netskope and Facebook.
Vulnerability Assessment Analyst
- 5+ yr of exp in Cybersecurity
- Proven expertise & track record in Web and Mobile application Penetration testing (Web, Mobile, API/Web Services)
- Proven expertise & track record in Network and system Penetration testing (Web, Mobile, API/Web Services)
Must Have: Experience in Tools for Firewall Evasion, Abuses to IPSec VPN, Border Gateway Protocol, GRE Tunneling.
- Be able to lead an assessment or penetration test with 1-2 other resources
- Be able to lead a red team engagement and participate in a purple team engagement.
- Be an expert in penetration testing methodology
- Have experience in developing exploits and tooling from vulnerabilities both pre and post exploitation.
- Should have experience with tools Burp suite, Metasploit, Tenable, SQL Map, NMAP, SCAPY, and other tools.
- Knowledge of OWASP Web and Mobile Top 10 vulnerabilities and identifying them.
- Knowledge of TCP/IP and other application and network level protocols.
- Conduct vulnerability assessment and penetration testing and configuration review for systems and networks.
- Be able to author and issue reports on assigned application and system scan.
- Support Jr. resources in their authoring of reports and issues.
- Support and recreate proofs of concept from security reports.
- Support and be a member of the PSIRT organization.
- Good exposure to Cloud Applications like AWS, Azure and other SAAS Applications
- Experience in Automating Security tasks using Python or Java Frameworks is a bonus
- Should be able to think ""Out of the box"". Possess ability to think and implement new attack approaches/vectors.
- Should be able to support the development of tooling for CI/CD/CS processes enabling other teams to test their own systems and work output.
- Should possess relevant university degree and/or professional qualifications/certification (e.g. CEH, OSCP)
- Be able to maintain and contribute to the threat models
- Support sessions to teach system and network exploitation and security testing methods to resources.
- Excellent written and verbal communication skills.
- Self-motivated, curious, knowledgeable pertaining to news and current events.
- BE/B.Tech/M.Tech /Masters Degree