Job Description

Roles and Responsibilities
------------------------------

• Take a hands-on role in conducting penetration Testing and vulnerability assessments on Web
• Applications, APIs and cloud platforms (AWS, GCP, etc.) to identify vulnerabilities and potential attack vectors.
• Identify Security design gaps in new and existing cloud architectures and Collaborate with other teams to craft solutions to mitigate the issues
• Perform Cloud Security Assessment, evaluate security controls of cloud platforms and cloud deployment.
• Lead and Oversee the Security Team to ensure high-quality deliverables to our clients
• Document findings, methodologies and exploitation techniques in clear and actionable reports for technical and non technical stakeholders.
• Lead incident response efforts in the event of security breaches or incidents
• Provide Guidance, training and direction to less experienced staff members
• Perform threat modelling on the cloud-based scenarios and able to apply the principles to secure the cloud platforms.
• Plan and execute social enginnering assessments to evaluate the organization's susceptibility to phising, pretexting and other manipulation techniques.
• Demonstrate a deep understanding of cloud security concepts and best practices, advising clients on how to secure thier cloud effectively.
• Define and develop Build & Release best practice by working within teams and educating the other stakeholder teams.
• Collaborate with team to implement security controls, defences, and countermeasures to intercept and prevent internal or external attacks on cloud environments.
• Staying up-to-date and ahead of what is happening in AppSec and CloudSec: Researching and Investigating new attack vectore and security flaws in cloud and web, etc.


? Technical Expertise
-----------------------

• Degree: Bachelors Degree in Computer Science
• Proven prior experience as a Penteration Testing Expert for 4+ Years
• 3+ Years of Hands on experience in cloud (AWS & GCP) security architecture, native security tools and good knowledge of cloud security is desirable.
• Experience in planning and executing penetration tests/red team exercises against Web Applications, APIs, containers, cloud platforms (AWS, GCP, etc.).
• Proficiency in creating exploit and PenTest Scripts
• Practical Experience with testing frameworks like PTES, OWASP, etc and strong knowledge of OWASP TOP 10 is a must.
• Familiarity with industry-standard security practices(OWASP, SANS, etc.) and knowledgeable about industry security guidelines and compliance standards such as ISO 27001, SOC 2, HIPAA, etc.
• Proficiency in using security tools like Burp Suite, Metasploit, Nessus, Wireshark, nmap
• Good knowledge of security containers, hands on in experience with DevSecOps principles and a good handle on end-to-end Sec Dev Processes.
• Have relevant experience in DevOps & Migration to cloud.
• Strong Communications Skills
• Strong critical thinking and problem-solving abilities.

Good to have Certifications:

• Offensive Security Certified Professional (OSCP)
• GIAC Certified Penetration Tester (GPEN)
• eLearn Security Web Application Penetration Tester eXtreme (eWPTX)
• CREST Registered Penetration Tester (CRT)
• AWS Certified Security - Specialty
• Google Cloud - Professional Cloud Security Engineer (PCSE)
• Certified Cloud Security Professional (CCSP)