Role Overview
We are looking for a highly skilled and versatile Information Security Specialist who can perform the roles of a Penetration Tester and Cybersecurity Specialist across diverse environments, including cloud platforms, backend APIs, web applications, mobile (Android & iOS), and enterprise systems. This role is crucial in ensuring the security of our digital ecosystem by identifying vulnerabilities, implementing security measures, and safeguarding sensitive data against cyber threats.
Roles and Responsibilities:
- Security Assessments & Penetration Testing:
- Conduct detailed penetration testing across multiple platforms, including web, mobile (iOS/Android), cloud environments (AWS, Azure, GCP), and APIs.
- Perform vulnerability assessments using automated tools and manual testing to uncover security risks.
- Simulate cyber-attacks and exploit discovered vulnerabilities to assess the overall security posture.
- Develop threat models and provide mitigation strategies to minimize risk exposure.
- Cloud Security:
- Perform cloud security audits and reviews for AWS, Azure, or GCP environments.
- Implement and monitor cloud security policies, ensuring alignment with industry standards (e.g., PCI-DSS, NIST, ISO 27001, GDPR).
- Conduct regular security reviews and configuration assessments of cloud-native applications and infrastructure.
- Backend API Security:
- Analyze and secure backend APIs against attacks such as injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and API endpoint misconfigurations.
- Review API authentication and authorization mechanisms (OAuth, JWT) for potential vulnerabilities.
- Implement secure coding practices in collaboration with development teams to minimize attack surfaces.
- Mobile Security (Android & iOS):
- Conduct penetration testing on Android and iOS applications using static and dynamic analysis techniques.
- Assess mobile app security for potential vulnerabilities like insecure data storage, improper SSL/TLS implementations, and weak encryption.
- Provide guidance to mobile app development teams on secure coding best practices.
- Web Security:
- Perform comprehensive security testing of web applications, including OWASP Top 10 vulnerabilities, security misconfigurations, and business logic flaws.
- Ensure secure configuration and hardening of web servers, firewalls, and application servers.
- Incident Response & Threat Management:
- Lead incident response efforts, including threat identification, mitigation, and forensic investigation.
- Conduct risk assessments, analyze attack patterns and TTPs (Tactics, Techniques, and Procedures), and implement countermeasures.
- Participate in cybersecurity drills and prepare reports on the effectiveness of defenses.
- Security Compliance & Policy Development:
- Assist in developing, implementing, and maintaining security policies, procedures, and best practices across the organization.
- Ensure compliance with industry standards such as PCI-DSS, HIPAA, GDPR, and others.
- Work closely with legal and compliance teams to ensure data protection regulations are met across all environments.
- Collaboration & Training:
- Provide security training and awareness sessions to development and operations teams.
- Collaborate with DevOps teams to implement DevSecOps methodologies and ensure continuous security integration within the CI/CD pipeline.
- Conduct red team exercises and penetration testing scenarios, briefing teams on the outcomes and helping them implement improvements.
Qualifications:
- Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. A Master’s degree is a plus.
- Certifications (Preferred but not required):
- CEH (Certified Ethical Hacker)
- OSCP (Offensive Security Certified Professional)
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- GPEN (GIAC Penetration Tester)
- CompTIA Security+
- Technical Skills:
- Penetration Testing Tools: Proficient with tools like Metasploit, Burp Suite, Wireshark, Nmap, Nessus, or OpenVAS.
- Cloud Security: In-depth knowledge of cloud security frameworks and tools for AWS, GCP, and Azure.
- Mobile Security: Experience with mobile security frameworks and tools like Drozer, MobSF, Frida, or similar.
- API Security: Understanding of API security testing, OAuth, JWT, and encryption techniques.
- Web Security: Experience with SAST/DAST tools like ZAP, Veracode, or SonarQube for web security assessments and code reviews.
- Network Security: Knowledge of network security monitoring and firewall management.
- Experience:
- 3-5 years of experience in information security, penetration testing, or vulnerability management.
- Extensive experience with cloud platforms (AWS, Azure, GCP), securing APIs, and mobile application security.
- Extensive experience in mobile (iOS & Android), web, and API penetration testing.
- Experience securing CI/CD pipelines.
- Must have experience working with PCI-DSS compliance.
- Strong knowledge of security protocols, cryptography, authentication mechanisms, and data protection.
- Prior experience working in agile environments and collaborating with cross-functional teams.