- Experience: Any
- Salary: —
- Job postings: 1
- Posted: 5 hours ago
- Work mode: In office
- Education: Any graduate
- Eligibility: Any graduate can apply.
- Resume: Required when applying
Where You Will Work
Job Description
About the Organization
Yamaha Motor Solutions is part of Yamaha Motor, a global enterprise recognized for land mobility products such as motorcycles, all-terrain vehicles, and electrically power-assisted bicycles, as well as marine products like boats and outboard motors, and industrial equipment including surface mounters and drones.
Role Summary
This Faridabad-based position is for a senior-level vulnerability assessment and penetration testing professional who can evaluate security across web, mobile, API, network, host, Active Directory, cloud, and security device environments. The role involves both hands-on testing and advisory support across security remediation, reporting, stakeholder communication, and continuous improvement of security practices.
Core Security Assessment Work
- Carry out VAPT for web applications, mobile apps on iOS and Android, APIs, hosts, networks, Active Directory, cloud systems, and security appliances.
- Use both manual techniques and automated tools to identify, verify, and exploit weaknesses in line with OWASP, SANS, and accepted industry practices.
- Perform SAST and DAST activities as part of application security evaluation.
- Assess authenticated and unauthenticated attack paths and validate vulnerabilities through proof-based testing.
- Review attack surface exposure and apply threat modeling methods to identify likely risk areas.
- Confirm fixes and re-test issues to ensure remediation has been completed effectively.
Technical Coverage
- Evaluate API security for REST and SOAP services.
- Test network infrastructure, operating systems, host security, and security devices.
- Perform internal network testing and Active Directory security assessments.
- Understand web technologies such as HTML, JavaScript, HTTP/HTTPS, cookies, sessions, and authentication and authorization controls.
- Work with cryptography concepts including encryption, hashing, PKI, digital certificates, TLS/SSL, and secure communication protocols.
- Configure authenticated scans using methods such as basic auth, form-based auth, cookies, tokens, JWT, OAuth, OpenID Connect, and SSO.
- Apply threat modeling approaches such as STRIDE and use IAM and SSDLC concepts in assessment work.
Tools and Methods
- Use tools such as Burp Suite Professional, Nessus, HCL AppScan, Qualys, OWASP ZAP, Nmap, Wireshark, Postman, Kali Linux, Metasploit, BloodHound, CrackMapExec/NetExec, and Impacket Toolkit.
- Support both internal and external assessment approaches using offensive security tooling and structured validation techniques.
Reporting, Remediation, and Collaboration
- Prepare detailed VAPT reports that include findings, risk impact, proof-of-concepts, and practical remediation guidance.
- Work closely with development, infrastructure, cloud, and security teams during issue closure and retesting.
- Share findings with both technical audiences and leadership in a clear and actionable format.
- Provide security recommendations and support wider stakeholder awareness around identified risks.
Research, Improvement, and Broader Support
- Stay current on new vulnerabilities, attack techniques, and evolving security tooling.
- Help build and refine internal methods, scripts, tools, and processes used in security testing.
- Contribute to audits, compliance reviews, and governance-related activities.
- Research emerging offensive techniques and support incident response investigations and post-incident reviews.
- Assist with Quality Assurance Group activities related to security auditing and IT process compliance.
- Support security awareness sessions, training programs, and technical presentations.
Desired Strengths
- Strong analytical thinking and structured problem-solving ability.
- Clear written and verbal communication for both technical and non-technical audiences.
- Ability to work independently as well as within cross-functional teams.
- Strong attention to detail, accountability, and a quality-first mindset.
- Confidence in customer engagement and stakeholder management.
Preferred Background
- Experience or familiarity with red teaming concepts and tools.
- Exposure to cloud security testing in AWS or Microsoft Azure.
- Knowledge of container and Kubernetes security.
- Awareness of SIEM platforms and security monitoring solutions.
- Understanding of secure code review.
- Scripting ability in Python, PowerShell, Bash, or similar languages.
Preferred Certifications
- CEH
- OSCP
- GPEN
- CREST Registered Penetration Tester (CRT)
- PNPT
- CRTP
- CompTIA Security+
- OSWE
Eligibility
This opportunity is open to any graduate.
Additional Information
The source provided no details about salary, perks, notice period, work schedule, or number of openings. Mandatory skill areas mentioned for this role include VAPT, security analysis, Burp Suite, penetration testing, vulnerability assessment, and application security engineering.