Pentester Internship

A BIT ABOUT US

Appknox is one of the top Mobile Application security companies recognized by Gartner and G2. A profitable B2B SaaS startup headquartered in Singapore & working from Bengaluru.

The primary goal of Appknox is to help businesses and mobile developers secure their mobile applications with a focus on delivery speed and high-quality security audits.

Appknox has helped secure mobile apps at Fortune 500 companies with Major brands spread across regions like India, South-East Asia, Middle-East, US, and expanding rapidly. We have secured 300+ Enterprises globally.

We are a 40+ incredibly passionate team working to make an impact and help some of the biggest companies globally. We work in a highly collaborative, very fast-paced work environment. If you have what it takes to be part of the team, we are excited, and let’s speak further.

The Opportunity

To join the security team engaging with multiple clients, helping them with end-to-end security audits, also researching new topics and vulnerabilities to be added to the scanner, present research at conferences.

What An Ideal Candidate Would Look Like: 

• Skills - Application Penetration Testing, experience with IoT testing, source code audits.
• Technology Stack: Python
• Responsibilities: Engage with clients for scoping call, perform security audits, and remediation call with clients to patch the issues, research on new technologies/vulnerabilities

Minimum Requirements

• Should have at least 2 years of experience in security or show something that proves experience doesn’t matter
• Must be comfortable with tools like burp suite, 
• Strong Analytical Skills
• Strong grasp of fundamentals of information security
• Strong Grasp of Web and API Pen-Testing
• Self-taught learner willing to read and keep up-to-date on technological changes and how they could be used
• Can accurately define an issue and create detailed Proof-of-concept and write-up of the findings.
• Provide appropriate remediation and mitigations of the identified vulnerabilities.

Responsibilities

• Security assessment of web applications.
• Develop and interpret security standards and guides
• Automation of security test cases
• Understand and explain the results with impact on business and compliance status
• Continuously learning and training on the latest tools and techniques

 Work Expectations

Within 1 month

Training on processes, security workflow

Within 3 months

Pentesting Web, Mobile and API endpoints

Within 6 months

Research and publish whitepapers, contribute to the Appknox Web Scanner

Personality traits we admire:-

• A confident and dynamic working persona, which can bring fun to the team, and a sense of humor, is an added advantage.
• Great attitude to ask questions, learn and suggest process improvements.
• Has attention to detail and helps identify edge cases.
• Highly motivated and coming up with fresh ideas and perspectives to help us move towards our goals faster.
• Follow timelines and have an absolute commitment to deadlines.
•  

Interview Process - would be team specific

• Round 1 - Profile Evaluation
• Round 2 - Appknox CTF Challenge
• Round 3 -Technical Interview with security team members
• Round 4 - Technical Interview with the CTO and Team Lead
• Round 5 - HR Round

Compensation

•  As per Industry Standards

Why Join Us:-

• Freedom & Responsibility: If you are a person who enjoys challenging work & pushing your boundaries, then this is the right place for you. We appreciate new ideas & ownership as well as flexibility with working hours.
• Great Salary & Equity: We keep up with the market standards & provide pay packages considering updated standards. Also as Appknox continues to grow, you’ll have a great opportunity to earn more & grow with us. Moreover, we also provide equity options for our top performers.
• Holistic Growth: We foster a culture of continuous learning and take a much more holistic approach to train and develop our assets: the employees. We shall also support you all on that journey of yours.
• Transparency: Being a part of a start-up is an amazing experience, one of the reasons being open communication & transparency at multiple levels. Working with Appknox will allow you to experience it all first-hand.

We are looking for a motivated Information Security who is a self-starter, has an eye for detail, is analytical in approach, loves solving problems, and someone who can take initiatives to build and improve the company’s information security, identify risks and act on the required changes quickly.

What you will do:

• Develop efficient strategies to protect the system, the networking infrastructure, data, and information systems against potential threats/cyber risks
• Routinely performing threat analysis, system checks, and security tests
• Defining and updating information security criteria and validation procedures
• Effectively discuss to understand safety and security and fix the problems along with different stakeholders
• To be a security representative or point of contact for all technical deliveries, initiatives, and project implementations.
• To develop technical processes and procedures and promote compliance in line with regulations, corporate policies, or standards as per ISO27001
• Assess technical security risks in terms of impact to systems and service confidentiality, integrity, and availability, and report and escalate results of risk assessments.
• Report any real or potential security breaches/vulnerabilities to various stakeholders and provide technical support during incident response
• Monitor security tools to detect security events & incidents Report and escalate any security breaches to the Information Technology Security Officer
• Operate vulnerability scanning and compliance tools to identify system weaknesses
• Represent IT Security matters at technical and business forums

Requirements:

• 3-5 years of relevant experience in the information security field.
• Team handling/Mentoring experience
• Relevant experience working with ISO Policies, GDPR guidelines.
• Strong knowledge of network architecture and security concepts related to routing
• Exceptional attention to detail
• Excellent analytical and problem-solving skills
• Great team player and able to work efficiently with minimal supervision
• Excellent communication skills, both written and verbal, work with the different stakeholders on strengthening the security risks
• Able to handle and cope with stressful situations and understands the pressures of a start-up environment.

• OWASP Secure Code review,• Basic programing knowledge in any programming language and knowledge on secure development practices.
• OWASP TOP 10 vulnerabilities and their mitigations
• Hands on experience in Web Application Security Testing tools (SAST & DAST) and Penetration testing tools such as HP Fortify, Checkmarx, Acunetix, Nessus, Burp Suite, Metasploit., Qualys Guard, Kali Linux , etc.
• Understand/modify exploit code and find logical security flaws in applications
• Should have knowledge and experience on Network Security, Application Security, Internet Security, attack vectors.
• To carry out technical vulnerability assessments, identify potential vulnerabilities and provide recommended controls and support to mitigate them.

Hiring for Lead Auditor (QMS / ISMS) role.

Job description Below :

• Preparation Dept. Objective reports.
• Preparation of Internal Audit Schedule & Coordination /opening meeting and closing meeting.
• Follow up for Internal Audit closing of Observations.
• Preparation of Management review meeting Input & Output reports.
• Coordination Certification Audit and Surveillance (TUV-SUD) Audit for ISO 9001:2015 and ISO 27001:2013.
• Follow up for closing of Observations.
• To update QMS & ISMS Manual, Procedures, Policies, Risk Assessment Plan, SOA & Formats.
• Internal Audit of ISO - QMS & ISMS standards.

• Document technical and functional specifications
• Perform unit testing of objects/ solutions created
• Perform configuration, integration, and personalizations in Oracle HCM EBS/Cloud
• Work in a functional and technical capacity and analyze business requirements, design, develop and deploy solutions
• Excellent troubleshooting, analytical and problem-solving skills
• Explore & investigate the client's pain areas, extend the scope, and keep the client satisfied

• Minimum a Bachelor’s degree.
• 3 to 10 years of experience as an Oracle HCM Techno-Functional Consultant
• 30% Functional and 70% Technical
• Strong experience in core HR, Payroll, Fast Formula, OTL and SSHR
• Should have expertise in Oracle HCM Cloud advanced tools such as HCM Extracts, HDL, PBL, BI Publisher, OTBI, Application Security, Page Composer, Page Configurator, REST APIs, SOAP, Webservices
• Able to provide strong leadership to develop best practices for effective Techno functional support for the enterprise business process area
• Good communication skills
• In-depth knowledge of the business process and capability to understand business requirements.

An enthusiastic individual with the following skills. Please do not hesitate to apply if you do not match all of it. We are open to promising candidates who are passionate about their work and are team players.

• Must have strong experience in Information Security Management system(ISMS), creation of policy, procedures and implementation.
• Operates as a key contributor to the RFP, Third-Party Risk assessment, cloud security assessment etc.
• Lead the strategic and tactical development of information security framework, risk management and new compliance initiatives
• Subject matter expertise in ISO 27001, SOC2, CCPA, CPRA, GDPR, PCI DSS and HIPAA.
• Must have a strong experience in the documentation process and reviewing MSA, SCC, SLA & DPA.
• Good knowledge of BCP/DR, Incident response, VA/PT and Audit methodologies of various compliance frameworks.
• Good knowledge of Access management, Network, Application Security, Encryption, Backup, Physical Security, ISMS Training & Awareness etc..
• Ability to deal with the customers and vendors on Security and privacy matters.
• Knowledge of Core IT processes, SDLC, network infrastructure will be useful.

• Good written, oral, and interpersonal communication skills.
• Ability to conduct research into IT security issues
• Ability to present ideas in business-friendly and user-friendly language.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Highly self-motivated and hardworking.

• Bachelor’s/master's degree in Security, Computer Science, Management Information Systems, Engineering or related field.
• Should be at least ISO 27001 lead auditor or lead implementer. 
• 3+ years of related work experience in information security governance, risk and compliance (GRC) or relevant compliance roles in the SaaS industry.

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being at Xoxoday.

Xoxoday is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Xoxoday offers a suite of three products - Plum, Empuls, and Compass. Xoxoday works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Xoxoday is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.

We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.

Qualifications & Responsibilities

Year of Experience : 3- 8 yrs

Location : Bangalore, Delhi, Mumbai, Pune

Work on ISO 27001 & NIST based Information Security Management System implementation and sustenance.

-          Responsible for SOX (IT Security Controls) and track the monthly/quarterly/annual control reports and drive effectiveness of SOX controls.

-          Work on Business Continuity Planning, IT Disaster Recovery as per ISO27001 & NIST requirements

-          Assess information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk

-          Conduct Information Systems audits covering IT infrastructure assets

-          Working knowledge in security domains such as: security governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection

-          Experience in leveraging industry standards and frameworks such as ISO/IEC 27001, NIST CSF/800-171, etc.

-          Possesses certifications such as ISO27001 LA. CISSP, CISA certification- preferred

Why NCG?

WHO WE ARE DRIVES WHAT WE DO!

We Don't build the organization; we create an everlasting family. Our people express a sense of winning together when times are good and sticking together when times are tough.

Are you a Doer or Achiever?

Well, at NCG, our doors are Open for Doers and Achievers alike. We are a Cult where we create, innovate, learn and Contribute in a comfortable, transparent, and fair environment.

Joining NCG means contributing to a shared ambition for reliable work culture, tackling extraordinary technological challenges in multicultural teams, preserving your work/life balance, and more!

Requirements:

• Overall experience in the field of Information risk and security related initiatives/ projects.
• Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
• Ability to understand business concepts and integrate business risk elements into security operations.
• Experience in conducting VAPT.
• Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
• Strong ethics and understanding of ethics in business and information security.
• Should have exposure to Code review, Network VA/PT and App VA/PT work.
• Understanding and familiarity with common code review methods and standards.
• Experience with code scanning toolsets such as Fortify and Ounce.
• Understanding of HTTP and web programming.
• Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
• Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
• In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.