Full Job DescriptionOverview
Ivanti has acquired MobileIron and Pulse Secure to deliver intelligent and secure experiences across all devices in the everywhere enterprise. The combination cements Ivanti’s position as a global market leader in Unified Endpoint Management, Zero Trust Security, and IT Service Management.
For more information about the company please visit ivanti.com
Key qualifications
7+ years of experience in Networking and Security Software Space with atleast 3+ years of experience in performing penetration tests, ethical hacking and/or vulnerability assessments on products, web applications and networks.
MUST have Strong Knowledge in Security concepts & technologies such as PKI/Certificates, encryption/hashing, SSL/TLS, HTTPS, AAA/RADIUS/802.1x, various authentication methods, etc
MUST have Strong Knowledge in Networking concepts, technologies & tools such as TCP/IP, DHCP/DNS, Packet Switching & Routing, LDAP, Wireshark, Fiddler, Proxy, VPN, etc.
MUST have hands on Experience on Security Tools & Systems such as Metasploit, BurpSuite, Kali Linux, SQLMap, Skipfish, Nessus, ZAP, Qualys, Blackduck, AppScan, etc.
Strong knowledge of secure design practices, Threat modelling and common software vulnerabilities such as CWE top 25 and OWASP top 10.
MUST have Strong understanding of Threat and attack landscape, latest security trends, attack vectors, vulnerabilities, and how they are leveraged by malicious actors.
MUST have good understanding on Programming & Scripting languages such as C/C++, Javascripts, Perl, Python, etc.
Good understanding in Cloud Security Architecture and fundamentals including containers, software-defined networks, high availability design, multicloud, and serverless compute.
Experience in implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.).
Experience working in an AGILE environment and working with a geographically distributed team.
Excellent verbal and written communication skills.
What you’ll be doing…
Executing Penetration Test, Vulnerability scan, Web Application scan, etc on Pulse Products using industry standard or inhouse developed tools and systems.
Perform in-depth analysis of penetration testing and Security scan results and create report that describes findings, exploitation procedures, risks and recommendations.
Evaluate & Challenge the Security Posture of Pulse Products by trying to exploit vulnerabilities that may exist in OS, services, application flaws, improper configurations or risky end-user behaviour and report any vulnerabilities, anomalies detected.
Provide necessary Technical expertise to the Team, review backlog, replicate new defects, Perform CVSS scoring wherever missing, Validate fixes, review new feature design from Security standpoint and Prepare test strategy wherever needed.
Perform Architectural risk analysis and threat modeling, secure design and source code review
Conduct research on new vulnerabilities and threats regularly to assess their impact on Pulse Products and Solutions.
Coordinate integration of Security Tools by enhancing the current CI/CD pipeline.
Plan to Automate test cases for providing Security Test coverage as part of Product and Release testing.
Education & Certifications:
Bachelors or Masters in Computer Science, Information Technology or equivalent.
Certified Professional with any of the following recognized certifications – CISSP, OSCP/OSCE/OSEE, CEH, etc.
Familiarity with industry common information technology control frameworks, particularly SOC-2, Cloud Security Alliance, and ISO 27001/2.