We are seeking a highly skilled Security Expert with deep expertise in penetration testing and internet security assessments to strengthen our cybersecurity posture. The ideal candidate will be responsible for identifying vulnerabilities across our infrastructure, applications, and services, and working with internal teams to drive remediation and ensure a secure environment.
Key Responsibilities:
- Conduct manual and automated penetration tests on web applications, APIs, network infrastructure, and cloud environments.
- Perform vulnerability assessments, exploit development, and simulate real-world cyberattacks to uncover security weaknesses.
- Lead and document internet security testing, including external surface assessments, firewall bypass tests, and DNS/SSL configuration reviews.
- Collaborate with engineering, DevOps, and infrastructure teams to design and implement secure architecture and remediation plans.
- Review application code and configurations for security issues.
- Create detailed reports with findings, severity ratings, and actionable recommendations.
- Monitor emerging threats, CVEs, and adversarial techniques (MITRE ATT&CK, OWASP Top 10, etc.).
- Assist in building internal security tools and automation frameworks to streamline testing and detection.
- Help establish and maintain security testing procedures, standards, and compliance policies (e.g., ISO 27001, SOC2, HIPAA).
- Participate in red teaming and threat modeling exercises as needed.
Required Skills and Qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, or related field.
- 5+ years of experience in penetration testing, ethical hacking, or red team operations.
- Hands-on experience with tools such as Burp Suite, Metasploit, Nmap, Wireshark, Nessus, Nikto, OWASP ZAP, etc.
- In-depth knowledge of network protocols, web technologies, authentication mechanisms, and encryption methods.
- Proficient in scripting or programming languages such as Python, Bash, or PowerShell.
- Solid understanding of secure software development practices, vulnerability management, and DevSecOps pipelines.
- Strong analytical and reporting skills, with attention to detail.
- Familiarity with compliance frameworks and industry regulations.
Preferred Skills:
- Relevant certifications such as OSCP, CEH, GPEN, or CISSP.
- Experience testing cloud environments (AWS, Azure, GCP) and SaaS platforms.
- Exposure to mobile application security testing (Android/iOS).
- Familiarity with SIEM tools, intrusion detection, and threat hunting.
- Knowledge of graph databases and NoSQL security is a plus.
Job Type: Full-time
Work Location: In person