Senior Security Engineer

Job Tittle - Security Test Engineer

Job Type: Full-time
EXP 5+ Years
Location - Gurgaon

Roles & Responsibilities:

Perform Security Assessments: Conduct various types of security testing,
including:
1. Penetration Testing: Perform black-box, gray-box, and white-box penetration
testing on web applications, APIs, mobile applications (iOS/Android), and
network infrastructure.
2. Vulnerability Assessments: Utilize automated and manual techniques to
identify security weaknesses.
3. Static Application Security Testing (SAST): Analyze source code to identify
potential vulnerabilities.
4. Dynamic Application Security Testing (DAST): Test applications in a running
state and vulnerabilities.
5. Interactive Application Security Testing (IAST): Combine elements of SAST and
DAST for comprehensive testing.
6. Configuration Reviews: Assess the security posture of various systems and
applications.
7. Threat Modeling: Participate in threat modeling sessions to identify potential
attack vectors and vulnerabilities early in the development lifecycle.
8. Vulnerability Management:
Document identified vulnerabilities clearly and concisely, including steps to
reproduce, impact, and severity.
Communicate findings to development teams and stakeholders effectively.
Track and manage vulnerabilities through their lifecycle, from discovery to
remediation and retesting.
Provide guidance and recommendations to development teams on remediation
strategies.

9. Security Tooling & Automation:
- Utilize and configure security testing tools (e.g., Burp Suite, OWASP ZAP, Nessus,
Acunetix, Fortify, Checkmarx, Metasploit).
- Develop and implement automated security tests and scripts to improve efficiency.
- Stay up-to-date with the latest security testing tools, techniques, and best
practices.
10. Collaboration & Communication:
- Collaborate closely with development, DevOps, QA, and product teams to
integrate security into the SDLC (Secure SDLC).
- Educate and mentor developers on secure coding practices and common vulnerabilities.
- Participate in security code reviews.
- Present security findings and recommendations to technical and non-technical
audiences.
11. Research & Development:
- Stay informed about emerging security threats, attack vectors, and industry
trends.
- Contribute to the improvement of security testing methodologies and processes.
Participate in security community activities, conferences, and training.

Required Skills & Qualifications:

• Education: Bachelor's degree in computer science, Information Security, or a
  related field (or equivalent practical experience).

• Experience:
  Mid-Level: 3-6 years of experience in security testing, penetration testing, or
  application security.

Senior Level: 6+ years of experience in security testing, leading penetration
testing engagements and architecting secure solutions.

Technical Skills:

• Strong understanding of web application security vulnerabilities (e.g., OWASP
  Top 10, SANS Top 25).
  o Proficiency with security testing tools (e.g., Burp Suite, OWASP ZAP, Nmap,
  Metasploit).
• Experience with various operating systems (Linux, Windows).
• Familiarity with scripting languages (e.g., Python, Ruby, PowerShell, Bash).
  Understanding of network protocols, firewalls, and intrusion
  detection/prevention systems.
• Knowledge of secure coding principles and common programming languages
  (e.g., Java, Python, C#, JavaScript, ).
• Experience with cloud security (AWS, Azure, GCP) is a strong plus.
  Familiarity with CI/CD pipelines and integrating security into automated workflows.

Soft Skills:
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills, with the ability to explain complex technical concepts to non-technical audiences.
- Ability to work independently and as part of a team.
- High attention to detail and a methodical approach to testing.
- Curiosity and a strong desire to learn and stay current with security trends.

Desired Certifications (Plus, but not required):
OSCP
OSWE
CEH (Certified Ethical Hacker)
CompTIA Security+
SANS certifications (e.g., GWEB, GWAPT, GPEN)
CSSLP (Certified Secure Software Lifecycle Professional)