Job Description

Key Responsibilities

• Perform manual penetration testing of web application, mobile, API and networks to discover and exploit vulnerabilities
• Clearly document, communicate findings and remediation recommendations to the application/service owners
• Liaise with internal stakeholders to ensure timely delivery of security assessments
• Perform regular VA/PT of web, mobile, network and API applications
• Identify the internet exposure of our operating companies and constantly evaluate the security posture
• Document vulnerabilities, impact, and recommendations in a systematic manner
• Take on security challenges, take ownership of them and drive them to completion

Person Specifications

• Minimum 2+ years of experience performing vulnerability assessments and penetration testing on Web/Mobile/Network/API applications
• Excellent understanding of OWASP Top 10 vulnerabilities and its mitigations
• Clear understanding of networking fundamentals: OSI layers, TCP/IP, protocols, etc
• Experience working on a GNU/Linux based penetration testing operating system and the command line (such as Kali Linux, Parrot, BlackArch, etc.)
• Experience with automation scripting and fluent in at least one programming/scripting language
• Experience working on open-source and commercial tools like Burp Suite, Nuclei, Frida, Nessus, etc
• Good spoken and written English skills

Nice To Have

• Security certifications: OSCP, OSWE, CRTP, GIAC certs or equivalent
• Knowledge of Cloud penetration testing: AWS, Azure, etc
• Knowledge of Windows penetration testing: Active Directory, Azure AD
• CVE publications, knowledge of exploit development
• Talks/workshops organized at security conferences
• Excellent bug bounty track record
• Open-source contributions made to security tools, scripts & solutions
• Development background and code review capabilities
• Experience with OT penetration testing