Senior Staff Security Engineer

Summary

Join our Digital Product Engineering company as a Sr. security professional! We are a rapidly growing global company with a dynamic work culture. In this role, you will perform security testing (penetration testing) of applications and cloud environments, articulating findings to stakeholders. You will also act as a security advisor/consultant for client organizations. This position requires extensive experience in cybersecurity, application security testing, and security consulting. The ideal candidate will possess strong technical skills and a proven track record in the field.

Requirements

• Possess 8+ years of experience in the cyber security domain
• Have 4-5 years of experience in application security testing of web & mobile applications (android + iOS), API and infrastructure (cloud +network + server)
• Have at least 3 years of experience in Security consulting role working as consultant and/or advisor to the client
• Possess thorough knowledge of the OWASP framework and testing guide
• Have hands-on knowledge of Pen testing, red team exercise, and bug hunting
• Possess knowledge on scripting (e.g. in Python, PowerShell, JavaScript) to write automation scripts & PoCs
• Possess knowledge on SSO and OAuth 2.0 flows
• Be well versed with the following tools: Burp Suite, Postman, VirtualBox, Kali Linux, Metasploit, Android Studio (AVD), Scripting, Tenable, AWS, Azure and GCP, DAST and SAST solutions, Snowflake and data modeling concepts
• Possess Must have Skills: Penetration Testing, Vulnerability Management, Cyber Risk Consulting

Responsibilities

• Perform security testing (Penetration testing) of Applications, & Cloud Environments
• Articulate security testing findings in an easily consumable manner to various internal stakeholders
• Work as a security advisor/consultant for client organizations
• Think Out-of-the-Box and work as a security advisor for client organizations
• Perform assessment to detect open-shares and non-compliant AD accounts
• Perform Security Testing of the following: Web Application, API, Mobile applications (android + iOS), Infrastructure (Server + network), AWS, Azure, and GCP environments
• Conduct Pen Testing and Red team exercises against assigned target scope
• Write automation & PoC scripts from time to time
• Pentest Identity Provider (IdP) integrated applications with SSO and OAuth

Preferred Qualifications

• Possess Security certifications i.e. OSCP, OSWE, CCSP
• Have experience of cloud security
• Have exposure to SIEM and SOC side of security ecosystem
• Have working experience of advisory/consulting role for CISO org
• Have exposure to DB scripting, data extraction and dashboarding
• Have Good To Have Skills: Snowflake, Database Design - General Experience