This position is responsible for strengthening and maintaining the security of our systems and infrastructure. The responsibilities include conducting regular Vulnerability Assessment and Penetration Testing (VAPT), with a focus on mobile applications, web APIs, and other critical assets, to proactively identify and mitigate potential security risks. The role also involves performing comprehensive server vulnerability assessments to safeguard on-premises and cloud-based systems. The candidate will be responsible for monitoring and analyzing network activities to detect vulnerabilities, investigating and addressing security incidents, and mitigating threats such as malware or privacy breaches. He/she will also lead efforts to prevent unauthorized data access and ensure compliance with organizational security policies. The candidate should be knowledgeable about security frameworks and systems.

Responsibilities:

• Perform manual and automated vulnerability assessments and penetration testing
• Conduct security assessments using SAST, DAST, and SCA tools to identify vulnerabilities
• Perform regular vulnerability assessments on servers to identify, prioritize, and remediate security weaknesses, ensuring a robust infrastructure
• Report and document security findings, remediation activities, and recommendations
• Collaborate with developers to remediate security risks and implement secure coding best practices
• Build security automation for internal use to enable Security Engineering to operate at high speed and scale
• Conduct source-code reviews using both automated and manual approaches
• Incorporate security practices into CI/CD pipelines, ensuring vulnerabilities are identified and addressed early in the development lifecycle
• Evaluate cloud infrastructure to identify vulnerabilities, ensure compliance with security standards, and mitigate potential threats
• Leverage SIEM systems for proactive monitoring, threat detection, and compliance to enhance application security
• Assess the security posture of third-party tools and services before adoption to identify risks and ensure compliance with organizational policies
• Research emerging security topics and new attack vectors
• Manage project timelines, deadlines, and expectations, including customer interactions

Technical Qualifications:

• Experience in performing penetration testing of various application types including web, web services, APIs, and mobile
• Experience with popular security tools such as Nessus, Burp Suite, MobSF, and KALI Linux
• Proficient in security issues, exploitation techniques, and remediation measures
• Proficient in OWASP methodologies and best practices
• Understanding of DevSecOps and integrating application security toolsets within CI/CD pipelines at an enterprise level including DAST, SAST, and SCA
• Understanding of software and application security principles
• Knowledge of cloud platforms AWS, Azure, GCP
• Familiarity with development in any current programming language

Personal Skills:

• Ability to communicate well verbally and in writing with various levels from junior developers to executive staff
• Ability to stay calm, professional in troubleshooting and resolving support issues
• Ability to quickly learn new concepts and software
• Ability to work in a team environment
• Ability to adjust tasks and schedule and adapt to changing priorities

Education and Work Experience:

• Background in CS, IT or related discipline is preferred
• The candidate should have over 2 years of working experience
• Certification in IT Security (CEH, CompTIA Security+, OSCP, etc.) or any interrelated skill will be an added advantage