A White Hat hacker tests systems and networks by trying to break into them. They are hackers, but their talents are being used to improve Cyber Security. Being hackers, they are familiar with the tactics that malicious hackers use to compromise systems; White Hat hackers try to find the vulnerabilities before the bad guys do.
Will act as Ethical white hat attacker (red teamer) to simulate cyber-attacks, and/or Defensive cybersecurity personnel (blue teamer) to harden against simulated attacks. Develops and prepares penetration testing Rules of Engagement, test plans, and reports. Provides recommended remediation actions to lower overall risk exposure, as required. Provides technical expertise on penetration testing tools and simulation environment.
Knowledge of OWASP Top 10, CWE/SANS Top 25, Threat Modeling, understanding application architecture, design, and functionalities with an interest in performing penetration testing of diverse and challenging IT systems and applications.
Should possess any one of the following are industry accepted certifications
1.CISSP – ISC2
2.Offensive Security Certified Professional
3.Certified Ethical Hacker
5.Web Application Penetration Tester (GWAPT)
6.Exploit Researcher and Advanced Penetration Tester (GXPN)
Following are the key responsibilities:
•Researching the intended application or system target via both open-source and dark-web channels
•Scanning target networks and systems with commercial, open-source, or custom vulnerability scanners
•Identify potential vulnerabilities that can be exploited
•Based on the vulnerabilities designing a plan of attack that can includes:
oExploiting software vulnerabilities, systemic vulnerabilities,
oInput / output manipulation, or any combination of those factors
oTesting business logic vulnerabilities
oBypassing existing security controls such as one-time passwords, tokens etc.
•Able to develop scripts (e.g Python, Shell, PowerShell, Ruby, Perl etc) to be used a payload and exploiting vulnerabilities
•Drive remediation by outlining a defence-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures.
•Technical writing and presentation skills to report and articulate the vulnerability assessment results to any audience.
Should have clear understanding of:
•Deep knowledge of network protocols (IPV6, DNS, HTTP, etc) and accompanying tools (Wireshark, TCPDump, etc)
•Understanding of network administration of Routers and Switching technology (CCNA a plus)
•Understanding of and the ability to perform penetration testing
•Understanding of penetration testing tools and techniques (Kali, Backtrack, Metasploit)
•Understanding of how malicious software works (malware, trojans, rootkits, etc)
Candidates should be flexible / willing to work across this delivery landscape which includes and not limited to Agile Applications Development, Support and Deployment.
Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.
Capgemini is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.
This is a general description of the Duties, Responsibilities and Qualifications required for this position. Physical, mental, sensory or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Capgemini will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship
Click the following link for more information on your rights as an Applicant : http://www.capgemini.com/resources/equal-employment-opportunity-is-the-law
Capgemini is a global leader in consulting, digital transformation, technology and engineering services. The Group is at the forefront of innovation to address the entire breadth of clients’ opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year+ heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. Today, it is a multicultural company of 270,000 team members in almost 50 countries. With Altran, the Group reported 2019 combined revenues of €17billion.
Visit us at www.capgemini.com. People matter, results count.