Senior Information Security Engineer

About the job Senior Information Security Engineer Key Responsibilities:

Perform web application, API, and mobile application penetration testing using industry-leading methodologies (OWASP, PTES, etc.).

Conduct network penetration testing and infrastructure security assessments.

Execute Vulnerability Assessment and Penetration Testing (VAPT) engagements, document findings, and recommend remediations.

Integrate security into the Software Development Lifecycle (SDLC) and advise development teams on secure coding practices.

Develop, enhance, and maintain security testing frameworks and tools
.

Review and validate security patches, mitigations, and fixes.

Stay updated on the latest attack techniques, exploits, and threat landscapes to enhance testing methodologies.

Collaborate with cross-functional teams to support security awareness and risk reduction efforts.

46 years of experience in Information Security, with a focus on application and network penetration testing
.

Hands-on experience with tools like Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, and other manual testing tools
.

Deep understanding of OWASP Top 10
, SANS Top 25
, and common exploitation techniques.

Experience in secure SDLC practices and working with development teams to resolve findings.

Strong knowledge of mobile application security (iOS and Android) and API testing methodologies
.

Excellent report writing and communication skills for both technical and non-technical stakeholders.

OSCP (Offensive Security Certified Professional)

OSWE (Offensive Security Web Expert)

eWPT / eWPTX (eLearn

Security Web Application Penetration Tester)

PNPT (Practical Network Penetration Tester)