Security Tester

Job Overview: We are seeking a Senior Security Tester with 8-10 years of experience to join our security team. In this role, you will be responsible for identifying, analyzing, and mitigating security vulnerabilities across applications, networks, and cloud infrastructure. You will leverage Rapid7 tools (such as InsightVM, Nexpose, Metasploit), Datadog for security observability, and perform security assessments within AWS environments while ensuring compliance with HIPAA regulations. Your expertise will help guide our security testing processes, maintain a strong security posture, and ensure our systems meet critical healthcare data protection standards.

Required Qualifications: Experience: 8-10 years of hands-on experience in security testing, vulnerability assessments, penetration testing, and cloud security, particularly in AWS environments. Expertise in using Rapid7 tools (e.g., InsightVM, Nexpose, Metasploit) and Datadog for security observability.

Technical Skills:

Expertise in vulnerability management and penetration testing, including experience with Rapid7 InsightVM and Metasploit. Extensive experience in security testing and assessments within AWS environments (e.g., EC2, S3, IAM, RDS, Lambda). Experience ensuring compliance with HIPAA regulations, particularly regarding the security of protected health information (PHI), data encryption, and access controls. Familiarity with Datadog for real-time security monitoring, incident detection, and observability. Strong understanding of common web application vulnerabilities (e.g., SQL injection, XSS) and network security risks. Experience integrating security testing into CI/CD pipelines for automated vulnerability scanning and security validation. Certifications (Preferred):

Certified Ethical Hacker (CEH) Offensive Security Certified Professional (OSCP) Certified Information Systems Security Professional (CISSP) GIAC Web Application Penetration Tester (GWAPT) Certified Cloud Security Professional (CCSP) AWS Certified Security – Specialty Soft Skills:

Excellent communication skills with the ability to convey complex security concepts to both technical and non-technical audiences. Strong problem-solving and analytical abilities. Leadership skills and the ability to mentor junior team members. Detail-oriented with a strong passion for cybersecurity and compliance. Desired Experience: Experience securing applications and infrastructure within AWS, including setting up secure networking (VPC), IAM policies, and security best practices for EC2, S3, and other AWS services. Hands-on experience with HIPAA compliance requirements, such as encryption (at rest and in transit), access control, audit logging, and incident response for healthcare applications. Familiarity with containerized applications (Docker, Kubernetes) and their security testing. Experience with automated testing frameworks and integrating them into DevSecOps workflows. Working Environment: Collaborative and dynamic work environment with opportunities for growth and development. Flexible work options, including remote or hybrid arrangements (depending on location). Access to cutting-edge security tools and technologies.

Key Responsibilities:

Security Testing & Vulnerability Management: Perform in-depth security assessments of web and mobile applications, network infrastructures, and cloud environments (AWS) using Rapid7 tools (e.g., InsightVM, Nexpose, Metasploit) to identify vulnerabilities such as SQL injection, XSS, and privilege escalation.

Penetration Testing: Lead penetration testing efforts on applications, networks, and cloud services, using tools like Rapid7 Metasploit to simulate real-world attacks. Identify vulnerabilities and provide detailed recommendations for risk mitigation.

AWS Security Testing & Cloud Assessments: Conduct security assessments of AWS environments, ensuring configurations are secure and compliant with industry standards and best practices. Perform security tests for AWS services (EC2, S3, RDS, IAM) and configurations such as VPC, security groups, and IAM roles to prevent unauthorized access or misconfigurations.

HIPAA Compliance: Ensure that security testing aligns with HIPAA compliance requirements, focusing on the protection of sensitive healthcare data. Work with compliance teams to verify that security testing, vulnerability assessments, and incident response procedures adhere to HIPAA guidelines for data encryption, access controls, and data breach notification.

Real-Time Security Observability: Leverage Datadog for security monitoring, incident detection, and observability in real-time. Track key security metrics, identify unusual patterns or anomalies, and respond promptly to potential incidents.

Automated Security Testing: Integrate security testing tools like Rapid7 InsightVM into CI/CD pipelines to automate vulnerability scanning and security assessments, improving the efficiency of security operations.

Security Code Reviews: Review application code for potential security flaws, particularly in environments subject to HIPAA, ensuring secure coding practices are followed. Identify vulnerabilities related to data handling, encryption, and authentication mechanisms.

Security Standards & Compliance: Ensure security testing procedures comply with industry standards, including OWASP Top 10, NIST, ISO 27001, PCI DSS, and HIPAA. Provide regular security reports that demonstrate compliance and identify areas of improvement.

Reporting & Documentation: Document findings from security assessments, penetration tests, and cloud assessments, detailing risks, vulnerabilities, and mitigation strategies. Provide clear reports for both technical and non-technical stakeholders.

Mentorship & Leadership: Mentor junior team members in security testing techniques, tool usage (including Rapid7 and Datadog), and best practices. Foster a culture of continuous learning and improvement within the team.

Continuous Research & Improvement: Stay current with emerging security threats, vulnerabilities, and technologies. Participate in the development and continuous improvement of security testing methodologies and processes.

Exciting Projects: We focus on industries like High-Tech, communication, media, healthcare, retail and telecom. Our customer list is full of fantastic global brands and leaders who love what we build for them.

Collaborative Environment: You Can expand your skills by collaborating with a diverse team of highly talented people in an open, laidback environment — or even abroad in one of our global centers or client facilities!

Work-Life Balance: GlobalLogic prioritizes work-life balance, which is why we offer flexible work schedules, opportunities to work from home, and paid time off and holidays.

Professional Development: Our dedicated Learning & Development team regularly organizes Communication skills training(GL Vantage, Toast Master),Stress Management program, professional certifications, and technical and soft skill trainings.

Excellent Benefits: We provide our employees with competitive salaries, family medical insurance, Group Term Life Insurance, Group Personal Accident Insurance , NPS(National Pension Scheme ), Periodic health awareness program, extended maternity leave, annual performance bonuses, and referral bonuses.

Fun Perks: We want you to love where you work, which is why we host sports events, cultural activities, offer food on subsidies rates, Corporate parties. Our vibrant offices also include dedicated GL Zones, rooftop decks and GL Club where you can drink coffee or tea with your colleagues over a game of table and offer discounts for popular stores and restaurants!