Penetration Testing Specialist

Singapore · Posted 18 days ago · Full-time · External
27.3k - 40.9k / mo
Role & Responsibilities
• Design and perform tests and test cases to determine whether infrastructure components, systems and applications meet confidentiality, integrity, authentication, availability, authorisation and non-repudiation standards.
• Conduct internal vulnerability assessments and penetration tests on infrastructure components, systems and applications to identify security gaps and evaluate their exploitability. Analyse findings against established security standards, including the OWASP Application Security Verification Standard (ASVS), NIST guidelines and CIS Benchmarks, to ensure a comprehensive evaluation of security posture.
• Evaluate vulnerability reports from internal tools, vendors and research sources against compliance frameworks (ISO/IEC 27001, PCI DSS, SOC 2) to determine their relevance and impact on the organisation's security and compliance posture.
• Translate requirements into test plans, then write and execute test scripts or code in line with standards and procedures to determine vulnerability to attack.
• Translate security requirements and business objectives into structured test plans and test cases aligned with industry standards such as OWASP, NIST CSF and CIS Controls.
• Design and execute security tests, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and manual penetration testing, to identify vulnerabilities to common attacks (injection, authentication bypass, XSS, etc.).
• Provide expert guidance to technical teams on effective mitigation and remediation strategies, ensuring recommended fixes align with security best practices and organisational risk tolerance.
• Participate in organisation-wide penetration testing and offensive security programmes, documenting findings with clear technical details and severity ratings to support prioritised remediation.

Requirements
• Minimum of 2 years of hands-on experience in penetration testing, vulnerability assessment or offensive security, with a demonstrated ability to translate technical findings into business risk language.
• Strong understanding of common vulnerabilities, exploitation methods and standard mitigation practices (OWASP Top 10), and of risk assessment frameworks (CVSS, EPSS) to support risk-based decision-making.
• Experience in red teaming, attack simulation, offensive security engagements or comparable vulnerability management frameworks aligned with risk assessment processes.
• Proficient in conducting root cause analysis for identified vulnerabilities, recommending suitable technical fixes and monitoring remediation progress to ensure risks are kept within acceptable thresholds.
• Comfortable analysing large datasets, vulnerability reports and risk metrics to identify trends and communicate residual risk exposure to stakeholders.
• Strong attention to detail with solid analytical and written communication skills, particularly in explaining complex technical security findings to non-technical audiences.
• Relevant certifications such as OSCP, OSCE, GPEN, GWAPT, GXPN, CEH or equivalent are preferred, as validation of expertise in offensive security and risk assessment methodologies.
Please refer to U3’s Privacy Notice for Job Applicants/Seekers at https://u3infotech.com/privacy-notice-job-applicants/. When you apply, you voluntarily consent to the collection, use and disclosure of your personal data for recruitment/employment and related purposes.