About Wipro : Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients’ most complex digital transformation needs. We leverage our holistic portfolio of capabilities in consulting, design, engineering, operations, and emerging technologies to help clients realize their boldest ambitions and build future-ready, sustainable businesses. A company recognized globally for its comprehensive portfolio of services, strong commitment to sustainability and good corporate citizenship, we have over 250,000 dedicated employees serving clients across 66 countries. We deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world. Title : Vulnerability Management Consultant ( Cyber Security) Location : Washington DC ( Hybrid) The selected candidate may work remotely from Washington, DC. or any of the 50 states of the United States, except for 1 week (3 days in 1 week i.e., Tuesday- Thursday) every quarter (i.e., every 3 months) where it is mandatory that candidate physically work in Washington, DC. Overview Under the general supervision of the Section Chief (Governance, Risk, Compliance & Data Security), the Application Security Pentester is expected to provide application security for technology platforms in the cloud and on-premise. The candidate will be required to work with project teams, service providers, and business units internal and external to the Fund’s IT function. The candidate is expected to bring pragmatic application security experience allowing for the Fund to meet its present and emergent business needs. Specific responsibilities include: 1. Perform security analysis of the application related layers of systems by performing manual and automated security tests for a broad range of systems (thin and fat clients, mobile, etc.) in the cloud and on-premise. 2. This includes utilizing manual and automated testing methods to find and exploit code flaws, misconfigurations, and insecure software. 3. Provide recommendations for remediation of identified security flaws and guide the system owners on how to remediate them. 4. Write clear and concise penetration testing reports detailing findings and recommendations. 5. Maintain detailed documentation of test procedures and related findings. 6. Keep cybersecurity training and knowledge current by monitoring the latest security threats and vulnerabilities. Experience must include: 1. Security testing of custom solutions, integrations with ERP solutions and other commercial of the shelf solutions, application middleware (API, application servers, etc.), etc. that are on-premise and/or in the cloud in web, fat client or mobile form. 2. Practical working knowledge and use of o Penetration testing tools and frameworks such as BurpSuite, Metasploit, Nmap, AppScan, etc. o Cloud and container technologies like Azure Kubernetes, Azure Container Registry, etc. o Java, C++, C#, Python, HTML, Java script, PHP. o Windows and UNIX operating systems and operation/configuration of common web servers as Apache, etc. o OWASP, WASC, SANS, CVE, and CVSS (Threat & Vulnerability classification). 3. Practical working knowledge with identifying and mitigating security weaknesses, and incorporating security into enterprise software development lifecycle, both agile and traditional waterfall. 4. Demonstrated knowledge of running a broad range of web application testing tools, identifying vulnerabilities as per SANS 25 or OWASP Top 10 specifications and helping develop platform specific remediation plan. 5. Proven level of understanding of web application technologies (Java, .NET) and database management systems (Oracle, MS SQL) and related security concepts. 6. In-depth and hands-on working knowledge of common website vulnerabilities such as SQL injection, cross-site scripting, remote/local file inclusion, etc.; in-depth knowledge of common website exploit techniques such as character encoding, privilege escalation, directory traversal, etc. 7. Knowledge of security solutions, latest threats, and countermeasures. Required Soft Skills 1. Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation. 2. Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders. 3. Ability to think laterally and to have input to / propose detailed, complex solutions to technical issues. 4. Interpersonal skills that create openness and trust among colleagues. 5. Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity, and responsibility. 6. Ability to be organized, responsive and to be able to effectively multi-task with a focus on driving results. 7. Demonstrate excellent interpersonal and relationship management skills. This includes the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers. 8. Ability to work well under pressure and to meet tight deadlines, whilst demonstrating a high level of motivation, confidence, integrity, and responsibility. 9. Excellent relationship management skills. Facilitation and conflict management skills that enable effective working relationships. Certifications: (Minimum plus at least 1 preferred) 1. CEH or CompTIA PenTest+ or CSSLP (minimum required) 2. GIAC application security and/or pen testing related certifications (preferred) 3. Offensive security related certifications (preferred) The potential compensation for this role is based on labor costs in local markets, as well as the job-related skills, knowledge and experience of the candidate. Expected base pay for this role ranges from $100000 to $135,000. Based on the position, the role is also eligible for Wipro’s standard benefits and additional compensation offerings, including a full range of medical and dental benefits options, disability insurance, paid time off (inclusive of sick leave), other paid and unpaid leave options as well as potential incentive or variable compensation. Wipro is an Equal Employment Opportunity employer and makes all employment and employment-related decisions without regard to a person's race, sex, national origin, ancestry, disability, sexual orientation, or any other status protected by applicable law. Vulnerability Management