Key Responsibilities:
Conduct hands-on penetration testing of applications, infrastructure, and cloud
deployments, with a good grasp of SASE solutions, ensuring early detection of
vulnerabilities.
Simulate advanced cyber threats through red team exercises and communicate
results clearly and constructively.
Work directly with developers and DevOps engineers to embed security into every
deployment (DevSecOps), automating and monitoring secure coding practices in
the SDLC.
Oversee vulnerability management from identification to remediation, employing
tools like Qualys, Tenable, and SAST solutions including Veracode and Snyk.
Analyze and responsibly disclose security risks, providing prescriptive, prioritized
recommendations for development, IT, and leadership teams.
Champion continuous improvements, staying abreast of security trends and
implementing enhancements to protection strategies and tooling.
Support and train team members, serving as a role model for a culture of
knowledge sharing and proactive security.
Facilitate security-focused communication between business, IT, and engineering
teams.
Qualifications:
Bachelor’s degree in Computer Science, Information Security, or related discipline,
or equivalent real-world experience.
Minimum of 3 years performing penetration testing, with significant knowledge of
vulnerability management and DevSecOps.
Expertise in penetration testing tools and frameworks (e.g., Burp Suite, Nmap,
RASP, Kali Linux, OWASP Top Ten, CVSS Scoring, MITRE ATT&CK).
Experience operationalizing vulnerability management platforms and SAST tools
inside CI/CD workflows.
Working understanding of Linux, Windows, networking, and major cloud
platforms (AWS, Azure, GCP).
Confident communicator able to interact with technical and business
stakeholders.
Relevant certifications (OSCP, CEH, PNPT, CPPT) are a strong advantage.