Cybersecurity Expert

We are seeking an accomplished Security Professional to enhance our security capabilities. As a key member of our team, you will play a vital role in ensuring the robustness and integrity of our infrastructure.

The ideal candidate will possess a profound understanding of security concerns, exploitation techniques, and remediation measures.

You will be responsible for performing manual and automated vulnerability assessments and penetration testing, as well as conducting security evaluations using SAST, DAST, and SCA tools to identify vulnerabilities.

Key Responsibilities:

• Perform regular vulnerability assessments on servers to identify, prioritize, and remediate security weaknesses, ensuring a secure infrastructure.
• Report and document security findings, remediation activities, and recommendations.
• Collaborate with developers to remediate security risks and implement secure coding best practices.
• Build security automation for internal use to enable Security Engineering to operate at high speed and scale.
• Conduct source-code reviews using both automated and manual approaches.
• Incorporate security practices into CI/CD pipelines, ensuring vulnerabilities are identified and addressed early in the development lifecycle.
• Evaluate cloud infrastructure to identify vulnerabilities, ensure compliance with security standards, and mitigate potential threats.
• Leverage SIEM systems for proactive monitoring, threat detection, and compliance to enhance application security.
• Assess the security posture of third-party tools and services before adoption to identify risks and ensure compliance with organizational policies.
• Research emerging security topics and new attack vectors.

Requirements:

• In-depth understanding of security issues, exploitation techniques, and remediation measures.
• Thorough and practical knowledge of OWASP.
• Proven experience in performing penetration testing of various application types including web, web services, APIs, and mobile.
• Knowledge of DevSecOps and integrating application security toolsets within CI/CD pipeline at an enterprise level including DAST, SAST, SCA.
• Ability to follow an in-depth manual testing process and not just run automated tools.
• Development knowledge of any current programming languages would be an added advantage.
• Strong understanding of software and application security.
• Hands-on experience with popular security tools Nessus, Burp suite, MobSF, KALI Linux.
• Knowledge of cloud platforms AWS, Azure, GCP.

Preferred Qualifications:

• Over 7 years of working experience.
• Background in CS, IT or related discipline is preferred.
• Certification in IT Security (CEH, CompTIA Security+, OSCP, etc.) or any interrelated skill will be an added advantage.