IT Security Engineer - Vulnerability Assessment (7-9 yrs)

About the job :

Responsibilities :

- Perform manual and automated vulnerability assessments and penetration testing

- Conduct security assessments using SAST, DAST, and SCA tools to identify vulnerabilities

- Perform regular vulnerability assessments on servers to identify, prioritize, and remediate security weaknesses, ensuring a robust infrastructure

- Report and document security findings, remediation activities, and recommendations

- Collaborate with developers to remediate security risks and implement secure coding best practices

- Build security automation for internal use to enable Security Engineering to operate at high speed and scale

- Conduct source-code reviews using both automated and manual approaches

- Incorporate security practices into CI/CD pipelines, ensuring vulnerabilities are identified and addressed early in the development lifecycle

- Evaluate cloud infrastructure to identify vulnerabilities, ensure compliance with security standards, and mitigate potential threats

- Leverage SIEM systems for proactive monitoring, threat detection, and compliance to enhance application security

- Assess the security posture of third-party tools and services before adoption to identify risks and ensure compliance with organizational policies

- Research emerging security topics and new attack vectors

- Manage project timelines, deadlines, and expectations, including customer interactions

Technical Qualifications :

- In-depth understanding of security issues, exploitation techniques, and remediation measures

- Thorough and practical knowledge of OWASP

- Proven experience in performing penetration testing of various application types including web, web services, APIs and mobile

- Knowledge of DevSecOps and integrating application security toolsets within CI/CD pipeline at an enterprise level including DAST, SAST, SCA

- Ability to follow an in-depth manual testing process and not just run automated tools

- Development knowledge of any current programming languages would be an added advantage

- Strong understanding of software and application security

- Hands on experience with popular security tools Nessus, Burp suite, MobSF, KALI Linux

- Knowledge cloud platforms (AWS, Azure, GCP, etc.)

Personal Skills :

- Ability to communicate well verbally and in writing with various levels from junior developers to executive staff

- Ability to stay calm, professional in troubleshooting and resolving support issues

- Ability to quickly learn new concepts and software

- Ability to work in a team environment

- Ability to adjust tasks and schedule and adapt to changing priorities

Education and Work Experience :

- The candidate should have over 7 years of working experience.

- Background in CS, IT or related discipline is preferred.

- Certification in IT Security (CEH, CompTIA Security+, OSCP, etc.) or any interrelated skill will be an added advantage