IBM Penetration Tester_Ethical Hacker in BANGALORE, India

Job Description

About IBM:

IBM is a global technology and innovation company. It is the largest technology and consulting employer in the world, with presence in 170 countries. The diversity and breadth of the entire IBM portfolio of research, consulting, solutions, services, systems and software, uniquely distinguishes IBM from other companies in the industry.

Over the past 100 years, a lot has changed at IBM. In this new era of Cognitive Business, IBM is helping to reshape industries as diverse as healthcare, retail, banking, travel, manufacturing, and many more, by bringing together our expertise in Cloud, Analytics, Security, Mobile, and the Internet of Things. We like to say, “be essential.” We are changing how we create. How we collaborate. How we analyze. How we engage. IBM is a leader in this global transformation.

Join the next generation of innovators, inventors and entrepreneurs who are changing the very way the world works. We want the brightest minds doing work that inspires, in an environment where growth is encouraged. IBMers get to discover their potential, so they’re inspired to create breakthroughs that help our clients succeed. We’re building diverse teams with people who want their ideas to matter. Join us — you’ll be proud to call yourself an IBMer.

Business Unit Introduction

IBM Cloud Computing is a one-stop shop that provides all the cloud solutions and cloud tools that industries need. The IBM Cloud portfolio includes infrastructure as a service (IaaS), software as a service (SaaS) and platform as a service (PaaS) offered through public, private and hybrid cloud delivery models, in addition to the components that make up those clouds.

IBM Cloud ensures seamless integration into public and private cloud environments. The infrastructure is secure, scalable, and flexible, providing customized enterprise solutions that have made IBM Cloud the Hybrid Cloud Market leader with our SoftLayer and Bluemix platforms.

Ready to help drive IBM's success in the Cloud market? This is your chance to research and learn new Cloud-related technology products and services, as well as to design and implement quick Cloud-based prototypes while advancing your career in leading-edge technology.

Who you are:

As a penetration tester, you will perform security testing of IBM product and SaaS offerings in both development and production environments. You will also work closely with IBM product development teams to strengthen the security posture of their products by participating in threat modeling and source code security testing, and by sharing best practices and lessons learnt for secure coding and design.

What you’ll do:

As a penetration tester, you will be doing the following:

• Plan and strategize the penetration test based on available information.

• Select, design and create appropriate tools for testing.

• Perform the penetration test on computer systems, networks, web-based applications/APIs and mobile applications using the OWASP and SANS 20 guidelines.

• Document your methodologies and findings.

• Gather intelligence not only from the output of the automated penetration tools but also from interaction with product teams, previous results, the threat model and source code scanning inputs.

• Review your findings and give feedback to development teams.

• Analyse the outcomes and make recommendations for security improvements.

How we’ll help you grow:

  • You’ll have access to all the technical and management training courses you need to become the expert you want to be.

  • You’ll learn directly from senior members/leaders in this field.

  • You'll have the opportunity to work with multiple clients.

Required Technical and Professional Expertise

  • 3-4 years of hands-on experience in penetration testing & ethical hacking of web applications, hosted infrastructure and network using automated tools for vulnerability assessment and manual pen testing based on OWASP and SANS TOP 25 guidelines.

  • Knowledge of at least one of IBM AppScan OR BurpSuite scanner.

  • Proven knowledge of how to configure an automated scanner (such as login sequence, manually exploring critical flaws, policy customization, scan throttling, etc.) to perform a successful scan.

Preferred Tech and Prof Experience

  • Basic understanding of the HTTP protocol, HTTP methods, request/response headers, cookies, TCP/IP connections over HTTP, etc.; basic understanding of HTML/JavaScript and the OWASP Top 10 vulnerabilities.

  • Assessment of scanner results and intelligently identifying false positives from the scan results.

  • Knowledge of Burp features, mainly Spider, Intruder, Scanner, Repeater and Extender.

  • Manual Testing - OWASP Top 10 categories, exploit workflow/navigation of the application and identifying the entry points to perform manual testing.

EO Statement

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.