Experience Level: Minimum 4-5 years
Job Description:
We are seeking an experienced and motivated Cybersecurity Specialist with a strong background in penetration testing, red teaming, DevSecOps practices, and vulnerability management. This individual will be a hands-on contributor responsible for identifying vulnerabilities, simulating real-world attacks, and integrating security throughout our development processes. The ideal candidate will possess a blend of technical expertise, analytical skills, and the ability to take initiative.
Key Responsibilities:
- Conduct comprehensive penetration tests and red team assessments to identify vulnerabilities and weaknesses across various systems and applications.
- Develop and execute advanced attack simulations and methodologies to evaluate the security posture of the organization.
- Collaborate with development teams to integrate security practices seamlessly into the Software Development Life Cycle (SDLC) through DevSecOps initiatives.
- Manage the vulnerability scanning and management process using tools such as Qualys, Tenable, and other industry-standard solutions, ensuring timely remediation of identified vulnerabilities across the IT landscape.
- Utilize Static Application Security Testing (SAST) tools, including Veracode, Snyk, and other relevant solutions, to enhance application security throughout the development process.
- Analyze security assessments and present findings to stakeholders, providing actionable recommendations for risk reduction.
- Engage in security research to stay current with emerging trends, threat intelligence, and vulnerabilities in technologies relevant to the organization.
- Take ownership of assigned tasks and projects, demonstrating accountability and a results-driven approach.
- Proactively identify areas for improvement in existing security processes and tools, and initiate projects to enhance overall security posture.
- Mentor junior team members and share knowledge on best practices, tools, and methodologies in cybersecurity.
- Serve as a liaison between technical and non-technical teams to promote security awareness and practices across the organization.
Qualifications:
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
- Minimum of 3 years of experience in cybersecurity, with a focus on penetration testing, red teaming, DevSecOps, and vulnerability management.
- Proven experience with penetration testing tools (e.g., Burp Suite, Kali Linux) and methodologies (e.g., OWASP Top Ten, MITRE ATT&CK Framework).
- Must have mobile security assessment experience, including with Runtime Application Self-Protection (RASP) solutions.
- Must have a good grasp of AI adaptation and AI security red teaming activities.
- Experience managing vulnerabilities using tools such as Qualys, Tenable, or similar vulnerability management solutions.
- Familiarity with DevSecOps tools and practices (e.g., CI/CD pipelines, security scanning tools).
- Strong knowledge of operating systems (Linux, Windows) and networking protocols.
- Experience with cloud security principles and technologies (AWS, Azure, GCP).
- Excellent problem-solving skills and the ability to think critically in high-pressure situations.
- Strong communication and interpersonal skills with the ability to work collaboratively in a team-oriented environment.
- Relevant cybersecurity certifications (e.g., PNPT, CPPT, OSCP, CEH) are a plus.
- Active participation in bug bounty programs.