Job Title

YASH is a Digital services enabler organization delivering vast portfolio of digital services to customers across the globe. Our topline services include Cybersecurity services. We are looking for a candidate with strong security testing skills pertaining to Vulnerability Management, Application Security Testing and Penetration Testing. This role will be part of vibrant YASH’s Cybersecurity services team. As an VMS, AppSec & PT Expert, you will be responsible for assessing and driving the security of different types of applications developed in client environment. Work with development teams or vendors to detect, prioritize and remediate security flaws within the applications. Collaborate with IT and the business to identify and implement appropriate software development related security controls.Position: Lead Consultant - VMS, Application Security and Penetration TestingLocation: Across IndiaTotal Experience: 8+ YearsHow do you grow and be successful: At YASH, we will offer all support to grow in your career. At the very beginning you will receive a deep knowledge of the current VMS, AppSec & PT practice after your onboarding is completed. You will be measured on the positive contribution in delivering the services to our customers. All our employees will have global exposure from day 1. We will offer you the chance to learn multiple security technologies and solution training programs. Our career path program will reach the highest positions and make a global career to aspiring candidates.Key responsibilities:- Strong experience in Vulnerability Management, Application Security & Penetration Testing.- Strong experience of penetration testing methodologies, tools, and techniques (e.g., OWASP Top 10, Metasploit, Burp Suite).- Strong experience of vulnerability management practices using tools such as Qualys, Nessus and other Experience in external & internal network testing.- Ability to identify security vulnerabilities and provide actionable remediation recommendations.- Collaborate with development and operations teams to integrate security best practices into the SDLC (Software Development Lifecycle).- Prepare detailed reports & presentations for both technical and non-technical stakeholders.- Continuously research & evaluate new tools and techniques to enhance the penetration testing process.- Strong written & verbal communication skills for effective reporting and stakeholder engagement.Qualifications:- Bachelor’s or master’s Degree (IT, Computer Science, Cybersecurity, Telecommunications, Engineering, etc.)- 5 -7 years equivalent experience with software penetration testing, architectural risk assessment, threat modelling, static code analysis and secure code review- Experience with network penetration testing, firewalls configuration, network architecture and security- Experience in manual penetration testing of websites, APIs and networks using a variety of tools and technologies- Strong experience with vulnerability assessment across different infrastructure components and working with resolver group to prioritize & remediate.- Experience in testing network isolation, escalation of privileges, authentication, expanding the attack surface and exploiting vulnerabilities- Experience securing applications on a myriad of platforms and languages including Java, .Net, Angular, etc.- Experience with a variety of testing tools, including : HCL AppScan, Burp Pro Suite, Veracode, Qualys Suite, NMAP, Metasploit, Kali Linux, Wireshark and OWASP ZAP.- Understanding of common Web Application vulnerabilities like XSS, CSRF, and others.- Experience in identifying and resolving false positive findings in assessments Firm understanding of networks, operating systems and data-center architecture.- Familiarity with cloud technologies (IaaS, PaaS, SaaS, containers) on Google, Azure and AWS environments- Experience performing Red Team, Blue Team Operations is a strong plus.