Senior Engineer, Penetration Testing

Nagarro

Remote - Sri Lanka

Job highlights

Summary

Join our dynamic and global Digital Product Engineering company as a Security professional! We are seeking a skilled individual with 3-6 years of experience in application security testing across web, mobile, API, and infrastructure. You will perform security testing of applications and cloud environments, articulate findings to stakeholders, and develop attack vectors. Proficiency in OWASP, penetration testing, and various security tools is essential. This role requires hands-on experience with DAST/SAST/IAST solutions and scripting capabilities. A bachelor's degree in a relevant field is required.

Requirements

  • Have 3-6 years of experience in application security testing of web & mobile applications (Android + iOS), API and infrastructure (cloud + network + server)
  • Possess thorough knowledge of the OWASP framework and testing guide
  • Have hands-on knowledge of pen testing, red team exercises, and bug hunting
  • Have hands-on knowledge of DAST/SAST/IAST solutions
  • Possess knowledge of scripting (e.g. in Python, PowerShell, JavaScript) to write automation scripts & PoCs
  • Possess knowledge of SSO and OAuth 2.0 flows
  • Have a bachelor's degree, preferably in the field of Computer Science / Computer Application / Information & Technology / Electronic & Communication Engineering

Responsibilities

  • Perform security testing of applications and cloud environments and articulate the findings in an easily consumable manner to the various internal stakeholders
  • Think out of the box and come up with attack vectors for the target components
  • Perform security testing of the following: web applications, APIs, mobile applications (Android + iOS), infrastructure (server + network), and AWS, Azure and GCP environments
  • Perform pen testing and red team exercises against the assigned target scope
  • Write automation & PoC scripts from time to time
  • Perform assessments to detect open shares and non-compliant AD accounts
  • Pentest Identity Provider (IdP) integrated applications with SSO and OAuth

Preferred Qualifications

  • Have security certifications, i.e. OSCP, OSWE, CCSP
  • Have experience in bug bounty hunting with well-known bug bounty platforms / vulnerability disclosure programs
