Security Engineer - Vulnerability Assessment

Responsibilities : - Conduct in-depth vulnerability assessments and penetration tests on web applications, APIs, infrastructure, and cloud environments to identify high-risk vulnerabilities. - Simulate attacker methods on both our applications and infrastructure to expose and assess real-world risks, developing realistic exploitation scenarios. - Collaborate closely with engineering teams to prioritize and remediate vulnerabilities in both application and infrastructure components. - Provide actionable recommendations for improving application and infrastructure security and assist teams in implementing these enhancements. - Stay current on the latest security threats, vulnerabilities, and attack vectors across application and infrastructure domains. - Develop secure coding, configuration, and deployment practices across both applications and infrastructure. - Document security findings clearly, ensuring that both technical and non-technical audiences understand the issues and solutions. Requirements : - Experience : 6-10 years in a Security Engineer, Penetration Tester, or similar role focused on both application and infrastructure security. - Certifications : Relevant certifications in ethical hacking, penetration testing, or security engineering are highly desirable. - Technical Expertise : Proficient in identifying and exploiting vulnerabilities across web applications and infrastructure, including common attack vectors such as SQL Injection, Cross-Site Scripting (XSS), insecure configurations, and network misconfigurations. - Programming and Scripting : Proficiency in at least one programming or scripting language (e. g., Python, JavaScript, Bash, or PHP). - Tools : Experience with security tools for both applications and infrastructure, including Burp Suite, Metasploit, Nmap, AWS Security Hub, and similar tools for cloud and network security. - Cloud and Infrastructure Knowledge : Familiarity with security best practices for AWS and container security (e. g., Docker, Kubernetes). - Self-Starter : Highly self-motivated, thrives on independent research, and continuously seeks out new challenges. - Team Impact : Effective communication and collaboration skills, with a strong ability to advocate for security and influence cross-functional teams. Preferred Requirements : - Regular engagement in bug bounty programs or responsible disclosure programs in personal time, with proven success in reporting vulnerabilities. - Experience in securing infrastructure environments, cloud networks, and virtualized systems. - A track record of independent security projects and active participation in security communities. - Passion for fostering a proactive security culture across both application and infrastructure teams. (ref:hirist.tech)

Location: bangalore, IN

Posted Date: 5/1/2025