IT Auditor - Technical Security

Job Description

Job Description We are seeking a highly skilled and motivated Technical Security Professional specializing in Vulnerability Assessment and Penetration Testing (VAPT), Source Code Review, API Security, and Web Application Security. As a member of our team, you will be responsible for ensuring the security and integrity of our systems, applications, and networks. Responsibilities  Conduct comprehensive Vulnerability Assessments and Penetration Tests (VAPT) on various systems, networks, and applications to identify security weaknesses and potential vulnerabilities.  Perform thorough Source Code Reviews to identify security flaws, coding errors, and vulnerabilities in web applications and software products.  Assess and enhance API security by evaluating API designs, configurations, and implementations for potential security risks and vulnerabilities.  Evaluate and enhance the security posture of web applications by conducting thorough security assessments and implementing appropriate security controls.  Develop and implement security testing methodologies, tools, and procedures to improve the efficiency and effectiveness of security testing activities.  Provide technical expertise and guidance to development teams, system administrators, and other stakeholders on security best practices and mitigation strategies.  Collaborate with cross-functional teams to remediate identified security vulnerabilities and implement security controls to mitigate risks.  Stay updated on the latest security trends, vulnerabilities, and best practices to continuously improve the security posture of our systems and applications. Requirements:  Bachelor's degree in Computer Science, Information Security, or a related field. (Master degree preferred)  5 to 7 years of experience in conducting Vulnerability Assessments and Penetration Tests (VAPT) on enterprise systems, networks, and applications.  4 to 7 years of experience in performing Source Code Reviews for web applications and software products.  Proficiency in using industry-standard security testing tools such as Nessus, Metasploit, Burp Suite, etc.  Strong understanding of web application security principles, common vulnerabilities (e.g., OWASP Top 10), and mitigation techniques.  Experience in assessing and enhancing API security, including authentication, authorization, encryption, and access control mechanisms.  Knowledge of secure coding practices and common programming languages (e.g., Java, Python, C/C++, etc.).  Knowledge of cloud security and DevSecOps processes.  Excellent analytical and problem-solving skills with the ability to identify and mitigate complex security risks and vulnerabilities.  Strong communication and interpersonal skills with the ability to effectively collaborate with cross-functional teams and stakeholders.  Relevant security certifications such as CISSP, CEH, OSCP, etc., are preferred.