Penetration tester | Infrastructure - With Kubernetes Security Knowledge
  • United Arab Emirates Dubai
  • NST Cyber
1 year before
31.12.2023
Securely Provision
Test and Evaluation
Job Description

Full Job Description
NST Cyber is inviting applications for Penetration Testers | Infrastructure - With Kubernetes Security Knowledge. In this role you will ensure that information and data are resilient against external and internal security threats, embed an information security mindset as a core element of the organization's business strategy, and provide an independent, objective view of the organization's security posture to the management committees.


As a Penetration tester your responsibilities include but are not limited to the following:

Assess the security and compliance of infrastructure and application technologies by testing them for weaknesses to protect customers and employees from attacks.
Encourage ‘Shift Left’ Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle
Assessments – Perform security assessment and perform gap analysis to provide appropriate remediations to the teams for implementing the fixes.
Responsible for security on infrastructure – OS, databases, virtual networks, Software defined data centers etc.
Key Skills – Infrastructure security, IaaS and IaaC (Infrastructure as a Service and Infrastructure as Code), Platform security, Vulnerability and compliance assessment, Web application assessment, Security code review.
Tools and Technologies – Expertise in Ansible, Terraform, Kubernetes, Docker, Jenkins, OpenShift and good knowledge of microservice architecture and pipeline-driven security.
Understanding of cloud computing technologies. Optionally, demonstrated hands-on experience performing security assessments for one or more of the following:
Core IaaS: Compute, Storage, Networking, High Availability
Data Platform and Big Data: HDInsight/Hadoop, Machine Learning, Azure Stream Analytics, Azure Data Factory / Databricks
Azure PaaS Services: Redis Cache, Service Bus, Event Hub, Cloud Service, IoT suite, Mobile Apps, etc.
Preferable: Cosmos DB, Azure Kubernetes Service
Experience in one or more automation languages (like Python)
Infrastructure review
Vulnerability Assessment and Penetration testing
Security Code review - Ansible / Jenkins script review
Container Security
Docker Review / Image review
Open-source Libraries review
Application Security
WAF rules review
Policy review for firewalls, proxies, etc.


Requirements:

Master’s/Bachelor’s degree in a computer-related field
4-9 years of work experience in Information Security
Minimum 3-5 years’ experience as a Network Security Engineer
Deep foundational knowledge on all aspects of Information Security concepts
Good understanding of enterprise level target architecture and public and private cloud platforms (IaaS/PaaS)
Hands-on experience solutioning technology architectures that involve perimeter protection, core protection, endpoint protection/detection, and API/microservices security
Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical)


NST Cyber partners with global banks and Forbes 2000 companies across 4 continents to deliver independent audits and enterprise security assessments. Our core expertise lies in securing complex, scalable modern-day applications that extensively leverage cloud services and technologies.

With a combination of intelligence-driven active assessments, policy, and control validation, our team ensures your security and success with a best-in-class customer experience.


Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0027   Knowledge of organization's enterprise information security architecture.
  • K0028   Knowledge of organization's evaluation and validation requirements.
  • K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0091   Knowledge of systems testing and evaluation methods.
  • K0139   Knowledge of interpreted and compiled computer languages.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0250   Knowledge of Test & Evaluation processes for learners.

Required Skills
  • S0015   Skill in conducting test events.
  • S0060   Skill in writing code in a currently supported programming language (e.g., Java, C++).
  • S0107   Skill in designing and documenting overall program Test & Evaluation strategies.
  • S0112   Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events.
  • S0115   Skill in preparing Test & Evaluation reports.

Required Abilities