to play a dual-role in our offensive security and secure development lifecycle initiatives. You will lead advanced penetration testing engagements, red team operations, and threat simulations across enterprise environments while also driving secure software practices by integrating security into CI/CD pipelines. This role blends deep offensive security capabilities with hands-on DevSecOps implementation, contributing to both proactive and preventative cybersecurity postures.
Key Responsibilities:
Offensive Security & Penetration Testing
Lead and perform advanced penetration testing across:
Web, mobile (iOS/Android), and desktop/thick client applications
APIs (REST, GraphQL, SOAP) with focus on business logic vulnerabilities
Internal/external networks and hybrid infrastructure (on-prem and cloud)
Execute red team engagements simulating real-world adversaries (APT-style)
Targeting Windows Active Directory, Linux systems, and cloud platforms (AWS, Azure, GCP)
Employing post-exploitation, lateral movement, and persistence techniques
Build and maintain offensive infrastructure (C2 servers, phishing platforms)
Develop proof-of-concept exploits and adversary emulation scenarios
Deploy and monitor honeypots/honeynets for threat detection and behavior analysis
DevSecOps
& Secure SDLC
Integrate security tools (SAST, DAST, SCA, IaC scanning) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI/CD)
Automate security testing and policy enforcement in the development lifecycle
Collaborate with DevOps and developers to implement secure coding practices and remediation workflows
Build custom scripts/tools for security automation (Python, Bash, PowerShell)
Monitor and harden containerized and cloud-native infrastructure (Docker, Kubernetes, serverless)
Support security gate controls and compliance checks across release pipelines
Reporting, Documentation & Communication
Deliver detailed technical reports and executive summaries of findings
Present findings to cross-functional stakeholders including engineering and executive leadership
Provide actionable remediation guidance with risk prioritization
Develop technical documentation, threat playbooks, and attack narratives
Leadership, Collaboration & Mentorship
Mentor junior penetration testers and review their assessments
Lead purple teaming exercises to bridge offensive and defensive capabilities
Collaborate with blue teams to enhance detection and response
Conduct knowledge sharing sessions and internal capability development
Stay current with threat landscape, tools, and techniques
Required Qualifications:
Experience & Background
8-10 years in cybersecurity with primary focus on penetration testing and red teaming
At least 2 years hands-on experience integrating security in CI/CD and DevSecOps environments
Proven leadership in complex offensive security engagements
Technical Skills
Offensive Security:
Advanced penetration testing of web, mobile, and thick client apps
Red teaming, lateral movement, and post-exploitation in enterprise environments
API security testing and exploitation
Tooling & Platforms:
Burp Suite, OWASP ZAP, Metasploit, Cobalt Strike, BloodHound, Empire, Sliver
Nessus, Nmap, Trivy, AWS Inspector, Azure Defender, GCP SCC
GitHub Actions, Jenkins, GitLab CI/CD, Docker, Kubernetes
Scripting & Automation:
Proficient in Python, Bash, PowerShell (Go or Ruby a plus)
Automation of penetration testing tasks and CI/CD integration
Cloud & Infrastructure:
Hands-on experience in AWS, Azure, GCP environments
Active Directory attack techniques (e.g., Kerberoasting, Golden Ticket)
Container and cloud-native attack simulation
Security Frameworks:
Deep knowledge of OWASP Top 10, MITRE ATT&CK, PTES, STRIDE, PASTA
Familiarity with threat intelligence and APT tactics
Preferred Qualifications:
Certifications
One or more of the following:
OSCP
(Offensive Security Certified Professional)
CPENT
,
GIAC
(GPEN, GXPN, GCPN, GWAPT, GMOB)
CEH
(Certified Ethical Hacker)
Specialized Skills
Purple teaming and detection tuning
Cloud-native and serverless security testing
Honeypot/honeynet development
Malware analysis fundamentals
Threat modeling (STRIDE, OCTAVE)
Experience with regulatory frameworks (NIST, PCI DSS, HIPAA, GDPR)
Personal Attributes
Strong problem-solving and critical thinking skills
Excellent verbal and written communication, including reporting to technical and non-technical audiences
Ability to lead, mentor, and collaborate effectively across teams
Passion for offensive security, continuous learning, and responsible disclosure
Adaptability to fast-paced, evolving threat environments
What's in it for you?
Aptean offers competitive pay and robust benefit plans along with the opportunity to
grow your career in a fast-paced, flexible and casual environment, an outstanding
opportunity for career development and growth.
About Aptean
At Aptean, our mission is to solve tomorrow's unique challenges today with unrivaled,
purpose-built software and superior customer experiences from people who care.
Aptean is a global provider of mission-critical, industry-specific software solutions.
Aptean' s purpose-built ERP and supply chain management solutions help address the
unique challenges facing process and discrete manufacturers, distributors and other
focused organizations. Aptean' s compliance solutions are built for companies serving
specific markets such as finance, healthcare, biotech and pharmaceuticals, over 10,000
highly specialized organizations in more than 20 industries and 80 countries rely on
Aptean to streamline their everyday operations.
"At Aptean, our global and diverse employee base is our greatest asset. It is through
embracing and understanding our differences that we are able to harness our individual
power to maximize the success of our customers, our employees and our company." -
TVN Reddy
Aptean pledges to promote a company culture where diversity, equity and inclusion are
central. We are committed to applying this principle as we interact with our customers,
build our teams, cultivate our leaders and shape a company in which any employee can
succeed, regardless of race, color, sex, national origin, sexuality and gender identity,
religion, disability or age. Celebrating our diverse experiences, opinions and beliefs
allows us to embrace what makes us unique and to use this as an asset in bringing
innovative solutions to our customer base.
Beware of fraud agents! do not pay money to get a job
MNCJobsIndia.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.