Security Engineer - Vulnerability Management (7-15 yrs)

We looking for a skilled Security Engineer with expertise in securing web and mobile applications, as well as identifying vulnerabilities across both application and infrastructure layers.

This role is perfect for someone with a "hacker mindset" who enjoys uncovering vulnerabilities in web applications, APIs, and infrastructure. The ideal candidate is proactive, self-motivated, and committed to enhancing the security of our platforms by identifying and addressing vulnerabilities.

Responsibilities :

- Conduct in-depth vulnerability assessments and penetration tests on web applications, APIs, infrastructure, and cloud environments to identify high-risk vulnerabilities.

- Simulate attacker methods on both our applications and infrastructure to expose and assess real-world risks, developing realistic exploitation scenarios.

- Collaborate closely with engineering teams to prioritize and remediate vulnerabilities in both application and infrastructure components.

- Provide actionable recommendations for improving application and infrastructure security and assist teams in implementing these enhancements.

- Stay current on the latest security threats, vulnerabilities, and attack vectors across application and infrastructure domains.

- Develop secure coding, configuration, and deployment practices across both applications and infrastructure.

- Document security findings clearly, ensuring that both technical and non-technical audiences understand the issues and solutions.

Skills & Qualifications:

- Experience: 6-10 years in a Security Engineer, Penetration Tester, or similar role focused on both application and infrastructure security.

- Certifications: Relevant certifications in ethical hacking, penetration testing, or security engineering are highly desirable.

- Technical Expertise: Proficient in identifying and exploiting vulnerabilities across web applications and infrastructure, including common attack vectors such as SQL Injection, Cross-Site Scripting (XSS), insecure configurations, and network misconfigurations.

- Programming & Scripting: Proficiency in at least one programming or scripting language (e.g., Python, JavaScript, Bash, or PHP).

- Tools: Experience with security tools for both applications and infrastructure, including Burp Suite, Metasploit, Nmap, AWS Security Hub, and similar tools for cloud and network security.

- Cloud & Infrastructure Knowledge: Familiarity with security best practices for AWS and container security (e.g., Docker, Kubernetes).

- Self-Starter: Highly self-motivated, thrives on independent research, and continuously seeks out new challenges.

- Team Impact: Effective communication and collaboration skills, with a strong ability to advocate for security and influence cross-functional teams.

Preferred Requirements :

- Regular engagement in bug bounty programs or responsible disclosure programs in personal time, with proven success in reporting vulnerabilities.

- Experience in securing infrastructure environments, cloud networks, and virtualized systems.

- A track record of independent security projects and active participation in security communities.

- Passion for fostering a proactive security culture across both application and infrastructure teams.