Penetration Tester

Job Description - Penetration Tester (240000HL) Job Number: 240000HL Requisition Title : Penetration Tester Description :

Your team responsibilities

Conducting thorough assessments of systems, networks, and applications to identify potential security vulnerabilities.

Performing simulated cyber attacks to exploit identified vulnerabilities and assess the effectiveness of existing security controls.

Documenting findings from assessments and penetration tests, and providing actionable recommendations for remediation and strengthening security defenses.

What we offer you

• At MSCI we are passionate about what we do, and we are inspired by our purpose – to power better investment decisions. You’ll be part of an industry-leading network of creative, curious, and entrepreneurial pioneers. This is a space where you can challenge yourself, set new standards and perform beyond expectations for yourself, our clients, and our industry.

• Wherever you are located you will find transparent compensation schemes and employee benefits that can help ensure your financial security and health. While they vary by different locations, we offer a broad range of benefits that are part of the value you receive as an MSCI employee.

• Our flexible ways of working will allow you to maximize your potential, and we will empower you with the trust, accountability, and advanced technology to perform at your very best.

• You’ll find a purposeful approach to wellbeing to provide you with all the resources you need to be your best at work and in your personal life. Our ‘Here For You’ Employee Assistance Program is available for our employees globally, providing confidential emotional support, financial and legal advice free of charge.

Your key responsibilities

• Manage the execution of penetration tests performed by MSCI vendors.

• Under the direction of senior AppSec staff, perform internal penetration tests:

o Identify and exploit vulnerabilities in applications

o Document findings and recommend remediation strategies

o Collaborate with Cybersecurity and Engineering Teams to enhance security protocols.

o Conduct Security Assessments and Risk Analysis

o Develop and maintain security testing plans and protocols

• Develop and implement recommendations to enhance MSCIs pen testing process with particular attention paid to enhancing the MSCI application owner/staff and vendor experiences

• Develop and construct Python-based microservices on Azure and Google Cloud Platform (GCP) using modern API frameworks. Utilize suitable serverless compute options, Kubernetes, and application infrastructure components such as Application Gateway, Cosmos DB, Redis, and EventHub/Grid. Deploy these resources using Infrastructure-as-Code methods like Terraform and Atlantis.

• Performing operational tasks and engaging in proactive research and exploration of new technologies aligned with team objectives

Your skills and experience that will help you excel

• Advanced skills in planning and conducting penetration testing activities for both applications and infrastructure. Incorporating new tools and frameworks into pen-testing procedures, and assisting development teams in developing remediation options

• Intermediate knowledge of the design and development of software applications and microservices in Python

• A moderate understanding of modern cloud and on-premises infrastructure concepts, encompassing federated authentication and authorization (OAuth experience is beneficial), Active Directory, networking essentials (such as VNets, routing, switching, advanced firewalls), DNS management, databases, middleware, and Linux administration.

• Experience with cloud environments and configurations (Azure, GCP, AWS) is beneficiary

• Strong understanding of network protocols, cryptography, and security vulnerabilities

• Strong written and verbal communication skills in English and basic project management skills

• A minimum of 4 years in a combination of penetration testing and application development roles with 1) at least 2 years of experience in a role whose primary responsibility is executing penetration tests, 2) at least 2 years of experience in a role that involved substantial execution of either application development or DevSecOps skills, and 3) at least 6 months of experience in a role that involved substantial configuration and maintenance of CI/CD pipelines

• Advanced cybersecurity certification (e.g.: eJPT, eCPPT, OSCP, OSWA, GIAC GPEN, GIAC GWAPT) is a plus, but not a requirement. Strong knowledge on Linux is required (LPIC-1, LPIC-2 is preferred). Prefer to additionally have a BS in Computer Science or Computer Engineering

• Deep understanding of the different penetration testing tools (e.g.: Metasploit, Burp Suite, Nessus) and a record or scorecard of cybersecurity related Capture the Flag contributions (e.g.: HackTheBox, PentesterLab.com)

How we’ll support you

• Our culture of high performance and innovation relies on our people sharing their knowledge and lifting each other up. You’ll be surrounded by a collaborative, global network of talented colleagues who will support and inspire you to do the best work of your career.

• We believe new and challenging experiences drive personal growth and innovation. With the right challenges, encouragement, and development support you can shape your own career experience. Career paths are multi-directional, and we encourage and support internal mobility to help you identify new opportunities to progress and take control of your future.

• As a new joiner you’ll be enrolled on our Global Orientation interactive learning experience to set you up for success.

• Our tailored learning opportunities will enable you to acquire the skills you need at your own pace, choosing between the courses and certifications best suited to you. Our Learning@MSCI platform coupled with access to LinkedIn Learning Pro will provide you with all the resources you need for to accelerate your professional growth.

• At MSCI we act in ways that encourage respect for all voices, ensuring that everyone can be themselves and feel like they are a part of the company. We are intentional about ensuring that everyone is treated fairly and supported with equal opportunities to succeed.

• We have eight MSCI Employee Resource Groups: All Abilities, Asian Support Network, Black Leadership Network, Climate Action Network, Hola! MSCI, Pride & Allies, Women in Tech, and Women’s Leadership Forum.

About MSCI

MSCI is a leading provider of critical decision support tools and services for the global investment community. With over 50 years of expertise in research, data, and technology, we power better investment decisions by enabling clients to understand and analyze key drivers of risk and return and confidently build more effective portfolios. We create industry-leading research-enhanced solutions that clients use to gain insight into and improve transparency across the investment process.

To all recruitment agencies

MSCI does not accept unsolicited CVs/Resumes. Please do not forward CVs/Resumes to any MSCI employee, location, or website. MSCI is not responsible for any fees related to unsolicited CVs/Resumes.

MSCI Inc. is an equal opportunity employer committed to diversifying its workforce. It is the policy of the firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, gender, gender identity, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy (including unlawful discrimination on the basis of a legally protected parental leave), veteran status, or any other characteristic protected by law. MSCI is also committed to working with and providing reasonable accommodations to individuals with disabilities. If you are an individual with a disability and would like to request a reasonable accommodation for any part of the application process, please email Disability.Assistance@msci.com and indicate the specifics of the assistance needed. Please note, this e-mail is intended only for individuals who are requesting a reasonable workplace accommodation; it is not intended for other inquiries.

Note on recruitment scams We are aware of recruitment scams where fraudsters impersonating MSCI personnel may try and elicit personal information from job seekers. Read our full note on careers.msci.com
Job : Technology Primary Location : India-Maharashtra-Pune Job Profile : Vice President Time Type : Full Time Department : Data Services & Technology Job Posting : May 22, 2024, 6:15:15 AM