Key Responsibilities:
• Perform web application, API, and mobile application penetration testing using industry-leading methodologies (OWASP, PTES, etc.).
• Conduct network penetration testing and infrastructure security assessments.
• Execute Vulnerability Assessment and Penetration Testing (VAPT) engagements, document findings, and recommend remediations.
• Integrate security into the Software Development Lifecycle (SDLC) and advise development teams on secure coding practices.
• Develop, enhance, and maintain security testing frameworks and tools.
• Review and validate security patches, mitigations, and fixes.
• Stay updated on the latest attack techniques, exploits, and threat landscapes to enhance testing methodologies.
• Collaborate with cross-functional teams to support security awareness and risk reduction efforts.
Required Skills & Qualifications:
• 4-6 years of experience in Information Security, with a focus on application and network penetration testing.
• Hands-on experience with tools like Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, and other manual testing tools.
• Deep understanding of OWASP Top 10, SANS Top 25, and common exploitation techniques.
• Experience in secure SDLC practices and working with development teams to resolve findings.
• Strong knowledge of mobile application security (iOS and Android) and API testing methodologies.
• Excellent report writing and communication skills for both technical and non-technical stakeholders.
Preferred Certifications (1 or more):
• OSCP (Offensive Security Certified Professional)
• OSWE (Offensive Security Web Expert)
• eWPT / eWPTX (eLearnSecurity Web Application Penetration Tester)
• PNPT (Practical Network Penetration Tester)
• HTB CPTS (Certified Penetration Testing Specialist)
Original job Senior Information Security Engineer posted on GrabJobs ©.