Consultant Vapt - Cyraacs @ Cyraac Services

Conduct Network/ System Vulnerability Assessments, Penetration Testing using tools to evaluate attack vectors, identify system vulnerabilities, and provide appropriate remediation plans for mitigation of the identified vulnerabilities.
Conduct Application vulnerability assessments, Penetration Testing for web applications, identify and report vulnerabilities, provide recommendations, and track closure of identified vulnerabilities.
Perform Configuration compliance assessments for Endpoints / Assets /network devices and help maintain the security settings at compliant level with Specific Security Standards.
Perform regular monitoring of patch compliance of the assets in the network, Analyze Patch Advisories and provide remediation steps for the stakeholders.
Performing comprehensive review and threat adversary modeling for web applications.
Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting
Conduct and compile findings on new vulnerabilities, new tools for departmental use.
Create project deliverables / reports and assist the client with remediations and discussions.
Abide by the project timelines and maintain project discipline.

Hands-on Experience is performing Network Security Assessment and vulnerability Assessment.
Good understanding of OSI layers and fundamental Operating system concepts, security settings for various flavors of Windows and Linux platforms.
Manual Penetration Testing skills and techniques are required besides automated tools and frameworks.
Familiar working with Publicly available exploits codes.
Hands on knowledge on Tools: Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp Suite, Paros Proxy Nessus, nexpose, Wireshark, sqlmap etc.
Sound knowledge about infrastructure vulnerability scans, identifying security vulnerabilities, weaknesses, threats, and assessing related risks that exists within an IT Infrastructure or business processes.
Sound knowledge about Application vulnerability assessments and relevant knowledge of OWASP top 10 vulnerabilities and SANS.
Good understanding of firewalls, Switches, and Router s configuration settings and policies, relevant experience in performing rule base reviews and configuration reviews for network devices.