AddressJob Description:
1. Scan the environments from both an internal and external perspective using automated pen testing tools.
2. Check for misconfigurations, vulnerabilities, and undue exposures in applications, infrastructure, and networks.
3. Writing reports and presenting and discussing related findings with stakeholders.
4. Recommend related recommendations to enhance security posture.
5. Create and fine-tune alerts across our platforms to mitigate vulnerabilities.
6. Collaborate with the Product and Engineering teams to improve the detection capabilities of our offerings.
7. Monitor newly discovered vulnerabilities, detect the same in the available environments and build related alerts/detections to mitigate their impact in Production environments.
8. Helping the compliance team in the Internal and external Audits.
Mandatory Skills:
Vulnerability Management, Penetration Testing, OWASP, Application Security
Role:
1. Strong knowledge of cloud computing platforms (AWS, Azure, GCP) and their respective security services and features. AWS or Azure Security certifications preferred.
2. Proficiency in scripting or programming languages (such as Python, PowerShell, or Ruby) for security automation and integration.
3. Experience with container security.
4. An understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS, BGP)
5. Understanding of secure software development practices and DevSecOps methodologies.
6. Experience in designing and implementing security controls for cloud environments, including identity and access management, network security, encryption, and monitoring.
7. Practices related to secure development lifecycle (SDLC), including threat modelling and security testing.
8. Should be familiar with vulnerability scanning, compliance checks, and continuous security throughout the software development process.
9. Familiarity with security frameworks and standards (e.g., NIST, CIS, ISO 27001) and their application in cloud environments.
10. Strong analytical and problem-solving skills to assess and mitigate security risks.
11. Excellent communication and interpersonal skills to collaborate with cross-functional teams and educate stakeholders on security best practices.
12. Ability to work independently and manage multiple priorities in a fast-paced environment.
13. Participate in incident response efforts and provide technical guidance during security incidents.
14. Expertise in tools like Nessus, Rapid7, Splunk, Burpsuite, etc.
