Information Security Engineer Lead

3 - 6 years

5 - 15 Lacs

Posted: 5 days ago | Platform: Naukri

Work Mode

Hybrid

Job Type

Full Time

Job Description

Job Summary

penetration testing and vulnerability assessment

Key Responsibilities

Penetration Testing & Vulnerability Assessment

  • Perform manual and automated penetration testing on web applications, APIs, mobile apps, cloud environments, and internal/external networks.
  • Conduct Red Team & Blue Team exercises, simulate real-world cyber-attack scenarios.
  • Identify security gaps, exploit vulnerabilities ethically, and document findings.
  • Perform Vulnerability Scanning (SAST/DAST), Threat Modelling & Risk Assessment.
  • Develop and execute test plans, exploitation scripts, and PoC attacks.
  • Evaluate security of firewalls, SIEM, IAM, WAF, VPN, endpoints, containers, VMs, Kubernetes, etc.

Reporting & Documentation

  • Prepare detailed Pen Test reports, risk ratings, and mitigation recommendations.
  • Present security findings to management and technical teams.
  • Assist development teams in understanding and fixing vulnerabilities (DevSecOps support).

Security Best Practices & Compliance

  • Ensure adherence to ISO 27001, NIST, OWASP Top 10, CIS Benchmarks, PCI-DSS and other standards.
  • Support security audits, incident response, and forensic investigation if needed.
  • Contribute to security policies, procedures, and hardening guidelines.

Continuous Improvement

  • Research emerging threats, exploits, and attack vectors.
  • Recommend advanced security tools, frameworks, and automation approaches.
  • Mentor junior security staff and participate in cybersecurity training sessions.

Required Skills & Qualifications

  • Bachelor's in Computer Science, Cybersecurity or related field.
  • 3–7 years' experience in Penetration Testing / Ethical Hacking.
  • Strong knowledge of OWASP, Kali Linux, Burp Suite, Metasploit, Nmap, Wireshark, Nessus, etc.
  • Experience in reconnaissance, exploitation, privilege escalation, post-exploitation.
  • Ability to test Web/Mobile apps, Network Security, Cloud Security, Active Directory attacks.
  • Hands-on scripting knowledge: Python, Bash, PowerShell, JS or similar.
  • Understanding of Secure SDLC, DevSecOps, CI/CD security integration.

Preferred Certifications (Plus)

  • CEH (Certified Ethical Hacker)
  • OSCP / OSWE / OSEP
  • GPEN, GWAPT
  • CISSP (bonus)
  • ISO 27001 Lead Implementer/Auditor (preferred)

Synkcode

Software Development

Dubai Vadodara
