Security Engineer - Vulnerability Management (5-10 yrs)

Job Description :

Responsibilities :

- Conduct in-depth vulnerability assessments and penetration tests on web applications, APIs, infrastructure, and cloud environments to identify high-risk vulnerabilities.

- Simulate attacker methods on both our applications and infrastructure to expose and assess real-world risks, developing realistic exploitation scenarios.

- Collaborate closely with engineering teams to prioritize and remediate vulnerabilities in both application and infrastructure components.

- Provide actionable recommendations for improving application and infrastructure security and assist teams in implementing these enhancements.

- Stay current on the latest security threats, vulnerabilities, and attack vectors across application and infrastructure domains.

- Develop secure coding, configuration, and deployment practices across both applications and infrastructure.

- Document security findings clearly, ensuring that both technical and non-technical audiences understand the issues and solutions.

Requirements :

- Experience : 6-10 years in a Security Engineer, Penetration Tester, or similar role focused on both application and infrastructure security.

- Certifications : Relevant certifications in ethical hacking, penetration testing, or security engineering are highly desirable.

- Technical Expertise: Proficient in identifying and exploiting vulnerabilities across web applications and infrastructure, including common attack vectors

such as SQL Injection, Cross-Site Scripting (XSS), insecure configurations, and network misconfigurations.

- Programming and Scripting : Proficiency in at least one programming or scripting language (e. g., Python, JavaScript, Bash, or PHP).

- Tools : Experience with security tools for both applications and infrastructure, including Burp Suite, Metasploit, Nmap, AWS Security Hub, and similar tools for cloud and network security.

- Cloud and Infrastructure Knowledge : Familiarity with security best practices for AWS and container security (e. g., Docker, Kubernetes).

- Self-Starter : Highly self-motivated, thrives on independent research, and continuously seeks out new challenges.

- Team Impac t: Effective communication and collaboration skills, with a strong ability to advocate for security and influence cross-functional teams.

Preferred Requirements :

- Regular engagement in bug bounty programs or responsible disclosure programs in personal time, with proven success in reporting vulnerabilities.

- Experience in securing infrastructure environments, cloud networks, and virtualized systems.

- A track record of independent security projects and active participation in security

communities.

- Passion for fostering a proactive security culture across both application and infrastructure teams.