14 September 2021

Cloud Infra Penetration Testing Engineer Software Engineer II Talent500 Years T882

04: Cloud Infra penetration testing
Qualifications:
Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
6+ years of IT professional experience, with 4+ years of Information Security experience, including previous experience in cloud infra pen testing.
Requirements:
Experience in cloud security on AWS, Google Cloud (GCS) and Azure.
Good understanding of Cloud Assessment Methodology, Infrastructure Cloud Components, Services and Databases in the Cloud.
Strong background in Kubernetes, serverless, microservices and Lambda.
Identifying all possible entry points into the environment: O365, Web Applications, Storage Blobs, S3 Buckets, SQL/RDS Databases, Azure Automation APIs, AWS APIs, Remote Desktops, VPNs, etc.
Expert in authentication and authorization testing, including bypassing privileges, robust multi-factor authentication policies, etc.
Conduct penetration testing to ensure that the virtual machines are protected via Network Security Groups (NSGs, analogous to firewalls) and that their data is encrypted at rest.
Strong hands-on experience in performing cloud environment related attacks such as abusing databases for privilege escalation with Redis and NoSQL, S3 bucket configuration and permission flaws, and IAM privilege escalations.
Expert in examining storage blob permissions for any data leakage.
Hands-on experience in establishing private-cloud access through Lambda backdoor functions.
Check for proper input validation in cloud applications to avoid web application attacks such as XSS, CSRF, SQLi, etc.
Hands-on experience with tools such as Nexpose, App Thwac and cloud-related security tools.
The ideal candidate will have experience/skills in identifying the following classes of vulnerabilities:
- Cover tracks by obfuscating CloudTrail logs
- Targeting and compromising AWS IAM keys
- Finding and Using Undocumented APIs
- Azure Active Directory and SAML
- Windows Containers
- Backdooring Containers
- Credential Stuffing and Leveraging Password Methodologies
- Backdooring Web Applications with Tokens
- Heavy and Lite Shells
- Load Balancer and Proxy Abuse
- Windows Backdoors
Certification: CEH, AWS Security, Azure, OSCP or relevant security certification.

Email: EXPIRED


