Must Have : Industry recognised certifications (e.g. CISSP, OSCP, CRT, CREST, CRTP, OSCP, OSCE, OSWP, OSWE, OSEE)
Responsibilities:
Actively participate in security testing of web and mobile applications.
Conduct thorough penetration tests on applications, systems, and networks to identify vulnerabilities.
Support the internal and/or customer development team in the preparation, formalization, implementation and verification of security requirements following a Security by Design principle.
Develop and execute hands-on DevSecOps programs, including penetration testing, automation, static/dynamic code analysis, threat modeling, and developer training.
Ability to think like an attacker. Conduct secure design reviews and contribute to threat modeling exercises.
Preparing reports at both technical and executive level, providing recommendations to an heterogeneous public.
Plan, lead and execute projects, including team management.
Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices.
Engage in continuous learning and research to improve your skills and contribute to the team's knowledge base.
Requirements:
Minimum 5 years of consulting experience in Red Teaming/Pentesting and possesses industry recognised certifications (e.g. CISSP, OSCP, CRT, CREST, CRTP)
Experienced and well versed in security testing domains. For example, red teaming, web/network/mobile/cloud/thick client vulnerability assessments and penetration testing.
Proven experience in implementing proactive security solutions and integrating security into the software development lifecycle (SDLC).
Ability to explain vulnerabilities and weaknesses in OWASP Top 10 and SANS Top 25 to any audience and discuss effective defensive techniques
Familiarity with programming languages (e.g., Python, Bash, C#, or JavaScript).
Hands-on experience securing cloud infrastructure and familiarity with containerization technologies (Kubernetes, Docker).
