Job
Description
As an Application Security Expert - Red Team / Ethical Hacker, you will play a critical role in proactively identifying and exploiting security vulnerabilities in software applications throughout the Software Development Life Cycle (SDLC). Working as a key member of the in-house Red Team, your focus will be on simulating real-world attacks, conducting advanced penetration testing, and providing actionable intelligence to enhance the overall security posture. **Responsibilities:** - **Red Teaming & Attack Simulation:** - Plan and execute realistic attack simulations on web, mobile, and desktop applications to identify weaknesses and bypass security controls. - Develop and utilize custom exploits, tools, and techniques to mimic the tactics of advanced threat actors. - Conduct social engineering campaigns to assess employee awareness and identify vulnerabilities. - **Advanced Penetration Testing:** - Perform in-depth penetration tests of applications, networks, and systems using automated tools and manual techniques. - Identify and exploit complex vulnerabilities related to application logic, authentication, authorization, and data handling. - Develop detailed penetration test reports with clear remediation recommendations. - **Secure Code Review (Offensive Perspective):** - Conduct code reviews from an offensive perspective to identify potential vulnerabilities. - Provide developers with guidance on secure coding practices and vulnerability remediation. - Develop and maintain secure coding guidelines and checklists. - **Vulnerability Research & Exploit Development:** - Stay current on security threats, vulnerabilities, and exploit techniques. - Conduct vulnerability research to identify new threats. - Develop custom exploits and tools to test and demonstrate vulnerability impacts. - **SDLC Integration & Security Advocacy:** - Collaborate with development teams to integrate security testing and red teaming into the SDLC. - Provide security guidance on application architecture and design during design reviews. - Promote a security-conscious culture within the development organization. - **Vulnerability Management (Validation & Verification):** - Validate and verify the effectiveness of vulnerability remediation efforts. - Retest remediated vulnerabilities to ensure proper resolution. - **Security Tooling & Automation (Offensive Tools):** - Evaluate, recommend, and customize offensive security tools and technologies. - Automate red teaming and penetration testing processes to enhance efficiency and coverage. **Required Skills and Qualifications:** - **Education:** - Bachelor's or Master's degree in Computer Science, Information Security, or a related field. - **Experience:** - 8+ years of experience in application security, penetration testing, red teaming, or related fields. - Demonstrable experience in conducting advanced penetration tests and red team engagements. - Strong understanding of web application vulnerabilities, penetration testing tools, and exploit development. - **Technical Skills:** - Expert proficiency in one or more programming languages. - Strong understanding of web application architectures, network protocols, and cloud security principles. - Familiarity with authentication and authorization mechanisms. **Certifications:** - Offensive Security Certified Professional (OSCP) - Required - Certified Ethical Hacker (CEH) - Preferred - GIAC Web Application Penetration Tester (GWAPT) - Preferred - Offensive Security Certified Expert (OSCE) - Highly Preferred - Offensive Security Web Expert (OSWE) - Highly Preferred,
