Responsibilities:
Penetration Testing and Vulnerability Assessment:
- Perform advanced penetration testing on web applications, mobile applications, networks, and IT infrastructure.
- Identify security vulnerabilities and assess their potential impact.
- Conduct manual and automated security testing.
- Simulate real-world attack scenarios to evaluate the effectiveness of existing security controls.
Security Assessment and Reporting:
- Document and report vulnerabilities along with comprehensive risk assessments and remediation recommendations.
- Develop detailed and structured penetration testing reports for stakeholders.
- Provide post-assessment debriefings to management and technical teams.
Security Tooling and Automation:
- Develop, maintain, and enhance automated security testing frameworks.
- Evaluate and implement new tools and technologies to improve penetration testing capabilities.
Research and Innovation:
- Keep abreast of emerging threats, vulnerabilities, and industry best practices.
- Develop and share knowledge on new attack vectors, techniques, and mitigation strategies.
Collaboration and Support:
- Work closely with PO, SRE, developers, and security teams to resolve identified vulnerabilities.
- Participate in incident response and forensic analysis when required.
- Assist in the development of security policies and procedures.
Requirements:
Education & Experience
- Bachelor’s degree in computer science, Cybersecurity, Information Technology, or a related field.
- Relevant certifications are highly preferred (e.g., OSCP, OSWE, CEH).
- Minimum of 3-5 years of experience in penetration testing and vulnerability assessment.
- Proven track record of conducting successful penetration tests and identifying critical vulnerabilities.
- Strong experience with penetration testing tools (e.g., Burp Suite, Metasploit, Nessus, Nmap, Kali Linux).
- Hands-on experience with scripting languages (e.g., Python, Bash, PowerShell) to develop testing scripts.
Technical & Soft Skills
- In-depth understanding of web, mobile, and network security principles.
- Familiarity with secure coding practices and security testing methodologies (e.g., OWASP, NIST).
- Proficient in analyzing and exploiting common vulnerabilities (e.g., SQL Injection, XSS, CSRF).
- Strong analytical and problem-solving skills.
- Excellent verbal and written communication skills.