Role & Responsibilities:
● Conduct comprehensive vulnerability assessments on infrastructure, applications, and networks
● Prioritize vulnerabilities based on risk levels and provide actionable remediation plans
● Develop and maintain a robust vulnerability management lifecycle
● Perform manual and automated penetration tests on web applications, APIs, mobile apps, and networks
● Simulate real-world attacks to identify security weaknesses and validate controls
● Research and integrate emerging tools and techniques to enhance testing capabilities
● Integrate security controls into the CI/CD pipelines to ensure secure software development practices
● Automate security testing processes, including static and dynamic code analysis
● Perform in-depth security reviews of applications, including source code reviews and architecture analysis
● Advocate for security-by-design principles across all stages of the SDLC
● Develop and implement long-term strategies for improving overall security posture
● Engage in threat modeling and risk assessment for critical assets
● Conduct secure configuration reviews
● Develop and implement a secure coding / secure development process and framework
● Support the implementation of secure application architecture for applications
● Perform source code and application security reviews
● Implement SCA / SBOM controls
● Document findings, write detailed reports, and present results to technical and non-technical stakeholders
● Ensure compliance with security standards (e.g., OWASP, NIST, ISO 27001)
● Lead and mentor the team to achieve its objectives
● Apply an in-depth understanding of frameworks such as MITRE ATT&CK, OWASP Top 10, and secure SDLC
● Provide expert guidance during incident response and post-breach analysis
● Collaborate with cross-functional teams, including IT, DevOps, and compliance
● Stay updated on emerging threats, vulnerabilities, and security technologies