Sr. SOC Engineer (Red Teaming & Web Application Security Specialist)

Key Responsibilities: Red Teaming & Adversary Simulation

• Plan, execute, and document red team engagements simulating realistic cyberattacks against the organizations systems, applications, and users.
• Emulate threat actors tactics, techniques, and procedures (TTPs) based on frameworks like MITRE ATT&CK.
• Conduct physical security assessments, social engineering campaigns (phishing, vishing), and insider threat simulations as required.
• Collaborate with the Blue Team to validate detection and response capabilities, providing actionable improvement plans.

Web Application Security

• Perform manual and automated web application penetration testing using tools like Burp Suite, OWASP ZAP, and custom scripts.
• Identify, validate, and exploit vulnerabilities such as injection flaws, authentication bypass, XSS, CSRF, SSRF, and insecure deserialization.
• Work with development teams to remediate findings and ensure secure coding practices.
• Conduct source code reviews to detect and eliminate security flaws.

Security Research & Tool Development

• Develop and maintain custom tools, scripts, and exploits to enhance testing capabilities.
• Stay current with emerging attack vectors, zero-days, and security trends.
• Perform threat modeling and provide secure architecture recommendations.

• 7 years of experience in Web security and red teaming
• Plan, execute, and document red team engagements simulating realistic cyberattacks against the organizations systems, applications, and users.
• Emulate threat actors tactics, techniques, and procedures (TTPs) based on frameworks like MITRE ATT&CK.
• Conduct physical security assessments, social engineering campaigns (phishing, vishing), and insider threat simulations as required.
• Collaborate with the Blue Team to validate detection and response capabilities, providing actionable improvement plans.
• Perform manual and automated web application penetration testing using tools like Burp Suite, OWASP ZAP, and custom scripts.
• Identify, validate, and exploit vulnerabilities such as injection flaws, authentication bypass, XSS, CSRF, SSRF, and insecure deserialization.
• Work with development teams to remediate findings and ensure secure coding practices.
• Conduct source code reviews to detect and eliminate security flaws.
• Develop and maintain custom tools, scripts, and exploits to enhance testing capabilities.
• Stay current with emerging attack vectors, zero-days, and security trends.
• Perform threat modeling and provide secure architecture recommendations.
• If you are passionate about cybersecurity and ready to work with a top-tier SOC team, we invite you to join us at Hitachi Digital.