Ethical Hacker / Application Security Expert - Red Team

Role Overview: As an Application Security Expert specializing in Red Team / Ethical Hacking, your primary responsibility is to proactively identify and exploit security vulnerabilities in software applications across the Software Development Life Cycle (SDLC). You will play a crucial role as a key member of the in-house Red Team, focusing on simulating real-world attacks, conducting advanced penetration testing, and providing actionable intelligence to enhance the overall security posture. Key Responsibilities: - Plan and execute realistic attack simulations on web, mobile, and desktop applications - Develop custom exploits, tools, and techniques to replicate advanced threat actors - Conduct social engineering campaigns to evaluate employee awareness - Perform in-depth penetration testing on applications, networks, and systems - Identify and exploit complex vulnerabilities - Create detailed penetration test reports with actionable recommendations - Conduct code reviews from an offensive perspective - Provide guidance on secure coding practices and develop secure coding guidelines - Stay updated on the latest security threats, vulnerabilities, and exploit techniques - Conduct vulnerability research, develop custom exploits and tools, and integrate security testing into the SDLC - Collaborate with development teams, participate in design reviews, and promote a security-conscious culture within the organization - Validate and verify the effectiveness of vulnerability remediation efforts - Retest remediated vulnerabilities - Evaluate and customize offensive security tools - Automate red teaming and penetration testing processes Qualifications Required: - Bachelor's or Master's degree in Computer Science, Information Security, or a related field - Minimum of 8 years of experience in application security, penetration testing, or red teaming - Certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Expert (OSCE), and Offensive Security Web Expert (OSWE) are highly preferred (Note: No additional details about the company were mentioned in the job description.),