Application Security Expert - Red Team / Ethical Hacker
Department:
Information Security / Cybersecurity
Reports To:
Group CISO
Job Summary:
The Application Security Expert - Red Team / Ethical Hacker is a critical role responsible for proactively identifying and exploiting security vulnerabilities in our software applications throughout the entire Software Development Life Cycle (SDLC). Operating as a key member of the in-house Red Team, this role will focus on simulating real-world attacks, conducting advanced penetration testing, and providing actionable intelligence to strengthen our overall security posture.
Responsibilities:
Red Teaming & Attack Simulation:
Plan and execute realistic attack simulations against our web, mobile, and desktop applications to identify weaknesses and bypass security controls.
Develop and utilize custom exploits, tools, and techniques to mimic the tactics, techniques, and procedures (TTPs) of advanced threat actors.
Conduct social engineering campaigns to assess employee awareness and identify potential vulnerabilities.
Advanced Penetration Testing:
Perform in-depth penetration tests of applications, networks, and systems, using both automated tools and manual techniques.
Identify and exploit complex vulnerabilities, including those related to application logic, authentication, authorization, and data handling.
Develop detailed penetration test reports with clear and actionable recommendations for remediation.
Secure Code Review (Offensive Perspective):
Conduct code reviews from an offensive perspective, identifying potential vulnerabilities that could be exploited by attackers.
Provide developers with guidance on secure coding practices and vulnerability remediation techniques.
Develop and maintain secure coding guidelines and checklists.
Vulnerability Research & Exploit Development:
Stay up-to-date on the latest security threats, vulnerabilities, and exploit techniques.
Conduct vulnerability research to identify new and emerging threats.
Develop custom exploits and tools to test and demonstrate the impact of vulnerabilities.
SDLC Integration & Security Advocacy:
Collaborate with development teams to integrate security testing and red teaming activities into the SDLC.
Participate in design reviews and provide security guidance on application architecture and design.
Promote a security-conscious culture within the development organization.