Senior Information Security Engineer

About the job

Key Responsibilities:

  • Perform web application, API, and mobile application penetration testing using industry-leading methodologies (OWASP, PTES, etc.).

  • Conduct network penetration testing and infrastructure security assessments.

  • Execute Vulnerability Assessment and Penetration Testing (VAPT) engagements, document findings, and recommend remediations.

  • Integrate security into the Software Development Lifecycle (SDLC) and advise development teams on secure coding practices.

  • Develop, enhance, and maintain security testing frameworks and tools.

  • Review and validate security patches, mitigations, and fixes.

  • Stay updated on the latest attack techniques, exploits, and threat landscapes to enhance testing methodologies.

  • Collaborate with cross-functional teams to support security awareness and risk reduction efforts.

Required Skills & Qualifications:

  • 4-6 years of experience in Information Security, with a focus on application and network penetration testing.

  • Hands-on experience with tools like Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, and other manual testing tools.

  • Deep understanding of OWASP Top 10, SANS Top 25, and common exploitation techniques.

  • Experience in secure SDLC practices and working with development teams to resolve findings.

  • Strong knowledge of mobile application security (iOS and Android) and API testing methodologies.

  • Excellent report writing and communication skills for both technical and non-technical stakeholders.

Preferred Certifications (1 or more):

  • OSCP (Offensive Security Certified Professional)

  • OSWE (Offensive Security Web Expert)

  • eWPT / eWPTX (eLearnSecurity Web Application Penetration Tester)

  • PNPT (Practical Network Penetration Tester)

  • HTB CPTS (Certified Penetration Testing Specialist)