Key Responsibilities Examine Security Controls Identify Weaknesses and Attack Vectors Map Attack Surface Selection of Security Framework Improve Cybersecurity Posture Support test planning to include development of test objectives, test and data requirements, identify potential attack surface/vectors, test configurations, test and analysis plans, and supporting schedules. Conduct vulnerability analysis, penetration testing, and provide assessment reports as directed. Researches new threats, vulnerabilities, security technologies, and countermeasures and provides mitigation and remediation recommendations. Provide cyber security technical expertise and analysis to identify potential risk areas. Develop applications to automate testing in Unix/Linux/Windows operating systems, including bash and Powershell. Review source code for security flaws. Develop reports and presentations for both technical and executive audiences. Identification of Vulnerabilities, Threat Analysis, Risk Assessment, Recommendation for improvements Security Information and event management Security orchestration, automation & Response Endpoint detection & response The Day-to-Day Activities: Identify and drive remediation of high-priority Web/Mobile application / environment security issues, including: Screening potential issues Providing remediation guidance to issue owners Conducting validations of potential fixes or mitigations Providing risk and impact assessments of vulnerabilities or proposed mitigations Follow-up with the relevant development teams for fixes. Follow-up and help incident response team with the investigation Conduct application security testing and source code auditing for a variety of technologies Provide clear and detailed risk assessment and remediation guidelines for developers and business owners Conduct penetration testing targeting critical Application data, services, and environments; reporting underlying security issues and proposing improved security protections Research on the latest cybersecurity standard methodologies, trends, threats, and vulnerabilities, and technology frameworks Document and disseminate security guidelines for common security issues, remediation mentorship, and security technology baselines Develop tools and exploits to support application security review and/or penetration testing The Must-Haves: 7+ years of security industry experience utilizing web/mobile application security and knowledge of the security / threat landscape. Experienced in vulnerability management, patching automation, and understanding of VA/PT techniques Strong working knowledge of networking and network protocols like TCP/IP, UDP, ARP, DNS, and DHCP is required. Solid knowledge of common web application vulnerabilities (e.g., OWASP Top 10) and the ability to mitigate them effectively. Experience with a suite of vulnerability assessments tools such as Wireshark, Nmap, Burp Suite, Netcat, Nessus, ACAS, etc is required. Understanding of network security concepts, including firewalls, VPNs, IDS/IPS, MFA, and SIEM solutions. Is familiar with managing infrastructure and technology in Microservice stack (such as Load Balancing, HAProxy, ORA Weblogic, Kafka or Kong). Has knowledge on how to perform assessment or analysis on the level of application, network and infrastructure for new application development or system integration. Has capability to understand SDLC processes to support IT operation and development or security compliance. Understanding of endpoint protection (malware, ransomware and similar threats) Understanding of database security requirements. Exposure to file integrity monitoring tools to detect changes to core systems. Working experience with cloud technologies such as AWS, Google Cloud, Ali, and Azure. Ability to develop technical solutions and use existing tools to help discover and mitigate security vulnerabilities. Ability to code/script in at least one programming language like Python, Java, GoLang, C++. Excellent knowledge of pen-testing tools and procedures for Web/ Mobile. Passionate about automating security testing and penetration testing using tools and code Fundamental understanding of security best practices. Review security vulnerabilities and determine what modifications are needed to minimize risk to the organization via enhancements to the existing environment. Excellent ability to communicate technical solutions. Assist in developing test plans, test the products, make recommendations, and assist in developing the architecture and implementation plan for approved solutions. Strong, proven track record of delivering results in fast-paced, resource-scarce environments Hands-on knowledge of vulnerability assessments and mitigations(systems/applications/code). Teamwork and advocacy: Fostering a culture of cybersecurity across various teams. Nice-to-Haves: Cyber Security certifications like OSCP/OSCE/CREST will be an added advantage Cloud security related certifications Show more Show less