Sr. Security Engineer

Roles and Responsibilities

  • Take a hands-on role in conducting penetration testing and vulnerability assessments on Web Applications, APIs and cloud platforms (AWS, GCP, etc.) to identify vulnerabilities and potential attack vectors.
  • Identify security design gaps in new and existing cloud architectures and collaborate with other teams to craft solutions to mitigate the issues.
  • Perform Cloud Security Assessment, evaluate security controls of cloud platforms and cloud deployment.
  • Lead and Oversee the Security Team to ensure high-quality deliverables to our clients
  • Document findings, methodologies and exploitation techniques in clear and actionable reports for technical and non-technical stakeholders.
  • Lead incident response efforts in the event of security breaches or incidents
  • Provide Guidance, training and direction to less experienced staff members
  • Perform threat modelling on cloud-based scenarios and apply the principles to secure the cloud platforms.
  • Plan and execute social engineering assessments to evaluate the organization's susceptibility to phishing, pretexting and other manipulation techniques.
  • Demonstrate a deep understanding of cloud security concepts and best practices, advising clients on how to secure their cloud effectively.
  • Define and develop Build & Release best practices by working within teams and educating the other stakeholder teams.
  • Collaborate with the team to implement security controls, defences, and countermeasures to intercept and prevent internal or external attacks on cloud environments.
  • Stay up to date with, and ahead of, what is happening in AppSec and CloudSec: research and investigate new attack vectors and security flaws in cloud and web, etc.

Technical Expertise

  1. Degree: Bachelor's Degree in Computer Science
  2. Proven prior experience as a Penetration Testing Expert for 4+ years
  3. 3+ years of hands-on experience in cloud (AWS & GCP) security architecture and native security tools; good knowledge of cloud security is desirable.
  4. Experience in planning and executing penetration tests/red team exercises against Web Applications, APIs, containers, cloud platforms (AWS, GCP, etc.).
  5. Proficiency in creating exploit and PenTest scripts
  6. Practical experience with testing frameworks like PTES, OWASP, etc., and strong knowledge of the OWASP Top 10 is a must.
  7. Familiarity with industry-standard security practices (OWASP, SANS, etc.) and knowledge of industry security guidelines and compliance standards such as ISO 27001, SOC 2, HIPAA, etc.
  8. Proficiency in using security tools like Burp Suite, Metasploit, Nessus, Wireshark, nmap
  9. Good knowledge of security containers, hands-on experience with DevSecOps principles and a good handle on end-to-end Sec Dev Processes.
  10. Have relevant experience in DevOps & Migration to cloud. 
  11. Strong Communications Skills 
  12. Strong critical thinking and problem-solving abilities. 

Good to have Certifications: 

  • Offensive Security Certified Professional (OSCP) 
  • GIAC Certified Penetration Tester (GPEN) 
  • eLearnSecurity Web Application Penetration Tester eXtreme (eWPTX)
  • CREST Registered Penetration Tester (CRT) 
  • AWS Certified Security - Specialty 
  • Google Cloud - Professional Cloud Security Engineer (PCSE) 
  • Certified Cloud Security Professional (CCSP)
