Experience and Responsibilities:
Penetration Testing Duties:
• Conduct penetration testing on public-facing web applications, identifying vulnerabilities based on OWASP Top 10 and industry best practices.
• Perform penetration testing on API interfaces (REST, GraphQL, SOAP), identifying authentication and data exposure risks.
• Execute penetration testing on VMs hosted in Azure & AWS with public IP addresses, ensuring secure configurations and resilience against attacks.
• Assess Azure Key Vault and AWS Secrets Manager for misconfigurations, access control weaknesses, and data exposure risks.
• Perform penetration testing on privileged/admin accounts, evaluating authentication mechanisms and privilege escalation risks.
• Test wireless network security (Wi-Fi penetration testing) at designated locations, identifying unauthorized access points and encryption weaknesses.
• Provide detailed reports on vulnerabilities, risk analysis, and remediation steps to development and security teams.
Cybersecurity Specialist Duties:
• Monitor cloud security postures in Azure and AWS, ensuring proper access controls, IAM policies, and network security groups are in place.
• Implement and manage Intrusion Detection & Prevention Systems (IDS/IPS) and firewall security rules.
• Perform continuous vulnerability scanning and remediation tracking across on-premise and cloud infrastructure.
• Develop and enforce security policies, procedures, and incident response protocols.
• Investigate security incidents, breaches, and anomalies, working with IT teams to mitigate risks.
• Conduct security awareness training for internal teams on secure development practices and phishing defense.
• Ensure compliance with ISO 27001, NIST, GDPR, SOC2, and other relevant cybersecurity standards.
Skills and Personal Characteristics:
Technical Skills:
- 3-5 years of experience in penetration testing, cybersecurity, and cloud security assessments.
- Strong knowledge of penetration testing methodologies (OWASP, NIST, PTES).
- Hands-on experience in Azure & AWS security testing, IAM configurations, and cloud penetration testing.
- Proficiency in web application & API security testing (SQL Injection, XSS, CSRF, Broken Authentication, etc.).
- Strong understanding of privileged access security and active directory security (Azure AD & AWS IAM).
- Experience in wireless penetration testing, including WPA2/WPA3 assessments and rogue access point detection.
- Familiarity with penetration testing tools, such as:
- Burp Suite, OWASP ZAP
- Nmap, Nessus, OpenVAS
- Metasploit, SQLmap
- Wireshark, Aircrack-ng
- AWS Inspector, Azure Security Center
- Scripting proficiency in Python, PowerShell, Bash for automation and exploit development.
- Knowledge of Zero Trust security principles, IAM best practices, and endpoint security solutions.
Soft Skills:
• Strong analytical and problem-solving skills.
• Ability to effectively communicate security vulnerabilities to technical and non-technical stakeholders.
• Strong documentation and report writing skills, including detailed penetration testing reports.
• Ability to work independently and collaboratively with security, IT, and development teams.
Preferred Qualifications:
- Industry-recognized certifications (one or more preferred):
- OSCP (Offensive Security Certified Professional)
- CISSP (Certified Information Systems Security Professional)
- CEH (Certified Ethical Hacker)
- GWAPT (GIAC Web Application Penetration Tester)
- GPEN (GIAC Penetration Tester)
- AZ-500 (Microsoft Azure Security Engineer)
- AWS Certified Security – Specialty
• Experience with threat intelligence, SIEM solutions, and red/blue team exercises is a plus.
• Previous experience working with SOC teams and incident response.