Cyber Security Engineer

Key Responsibilities • Perform in-depth penetration testing and vulnerability assessments specifically on network infrastructures and web applications (including APIs and mobile apps). • Conduct manual and automated web app testing using tools such as Burp Suite, OWASP ZAP, Nikto, sqlmap, and others to identify common vulnerabilities like SQL injection, XSS, CSRF, authentication flaws, and broken access control. • Execute network penetration tests using Nmap, Nessus, OpenVAS, Metasploit, and Wireshark to detect open ports, misconfigurations, unpatched vulnerabilities, weak protocols, and privilege escalation vectors. • Simulate advanced attack techniques such as lateral movement, privilege escalation, DNS poisoning, ARP spoofing, and man-in-the-middle attacks on network assets. • Analyze network traffic and logs to identify suspicious activities and potential security gaps. • Identify, classify, and prioritize vulnerabilities using CVSS scoring combined with business risk context. • Prepare clear, actionable penetration testing reports with detailed proof-of-concept exploits, risk assessment, and remediation guidance for both technical teams and executives. • Collaborate closely with network engineers, developers, and security teams to ensure effective patching and mitigation of identified vulnerabilities. • Perform secure code review and contribute to threat modeling to harden web applications and APIs. • Use SIEM solutions like Splunk, ELK, and Wazuh for threat detection, correlation analysis, and incident response support. • Stay current on the latest web application vulnerabilities (OWASP Top 10), network attack vectors, CVEs, and exploit techniques. • Automate testing and reporting processes with Python, Bash, or similar scripting languages. Required Skills • 2+ years of hands-on experience in network and web application penetration testing. • Expertise in testing and securing TCP/IP, DNS, HTTP/HTTPS, SSL/TLS, and other network protocols. • Deep knowledge of web application security flaws including SQLi, XSS, CSRF, SSRF, and authentication/authorization weaknesses. • Proficiency with penetration testing tools: Burp Suite, Nmap, Metasploit, Nessus, OWASP ZAP, sqlmap, Wireshark. • Strong scripting skills for automation and exploitation using Python, Bash, or similar. • Familiarity with security frameworks: OWASP Top 10, MITRE ATT&CK, NIST, CIS Controls. • Experience with Linux environments, cloud platforms (AWS, Azure, GCP), and container security (Docker, Kubernetes).

Job Type: Full-time

Pay: ₹700,000.00 - ₹900,000.00 per year

Benefits:

• Health insurance
• Provident Fund

Work Location: In person