Company Description
We are a Digital Product Engineering company that is scaling in a big way! We build products, services, and experiences that inspire, excite, and delight. We work at scale, across all devices and digital mediums, and our people exist everywhere in the world (19000+ experts across 33 countries, to be exact). Our work culture is dynamic and non-hierarchical. We are looking for great new colleagues. That is where you come in!
Job Description
We are looking for a Sr. security professional with experience performing security testing (pen testing) of applications and cloud environments and articulating the findings in an easily consumable manner to the various internal stakeholders.
You should have exposure to working as a security advisor/consultant for client organizations.
The capability to think out of the box and work as a security advisor for the client org is key to this role.
Qualifications
Must have Skills: Penetration Testing, Vulnerability Management, Cyber Risk Consulting.
Overall 8+ years of experience in the cyber security domain.
4-5 years of experience in application security testing of web & mobile applications (Android + iOS), API and infrastructure (cloud + network + server).
Should have at least 3 years of experience in a security consulting role, working as a consultant and/or advisor to the client.
Thorough knowledge of the OWASP framework and testing guide.
Hands-on knowledge of Pen testing, red team exercise, and bug hunting.
Knowledge of scripting (e.g. in Python, PowerShell, JavaScript) to write automation scripts & PoCs.
Knowledge of SSO and OAuth 2.0 flows.
Should be able to perform assessments to detect open shares and non-compliant AD accounts.
Should be well versed with the following tools: Burp Suite, Postman, VirtualBox, Kali Linux, Metasploit, Android Studio (AVD), Scripting, Tenable, AWS, Azure and GCP, DAST and SAST solutions, Snowflake and data modeling concepts.
Good to have skills:
- Security certifications i.e. OSCP, OSWE, CCSP are a plus.
- Experience in cloud security.
- Exposure to the SIEM and SOC side of the security ecosystem.
- Working experience in an advisory/consulting role for a CISO org.
- Exposure to DB scripting, data extraction and dashboarding will be a key advantage.
- Should be good at performing security testing of the following: web applications, APIs, mobile applications (Android + iOS), infrastructure (server + network), AWS, Azure, and GCP environments.
- Pen testing and red team exercises against assigned target scope.
- Write automation & PoC scripts from time to time.
- Pentest Identity Provider (IdP) integrated applications with SSO and OAuth.
Good To Have Skills: Snowflake, Database Design - General Experience