Infrastructure Security Lead

We are looking for a highly skilled and versatile Information Security Specialist who can perform the roles of a Penetration Tester and Cybersecurity Specialist across diverse environments, including cloud platforms,

backend APIs, web applications, mobile (Android & iOS), and enterprise systems. This role is crucial in ensuring the security of our digital ecosystem by identifying vulnerabilities, implementing security measures, and safeguarding sensitive data against cyber threats.

Key Responsibilities:

● Security Assessments & Penetration Testing:

o Conduct detailed penetration testing across multiple platforms, including web, mobile (iOS/Android), cloud environments (AWS, Azure, GCP), and APIs.

o Perform vulnerability assessments using automated tools and manual testing to uncover security risks.

o Simulate cyber-attacks and exploit discovered vulnerabilities to assess the overall security posture.

o Develop threat models and provide mitigation strategies to minimize risk exposure.

● Cloud Security:

o Perform cloud security audits and reviews for AWS, Azure, or GCP environments.

o Implement and monitor cloud security policies, ensuring alignment with industry standards (e.g., PCIDSS, NIST, ISO 27001, GDPR).

o Conduct regular security reviews and configuration assessments of cloud-native applications and infrastructure.

● Backend API Security:

o Analyze and secure backend APIs against attacks such as injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and API endpoint misconfigurations.

o Review API authentication and authorization mechanisms (OAuth, JWT) for potential vulnerabilities.

o Implement secure coding practices in collaboration with development teams to minimize attack surfaces.

● Mobile Security (Android & iOS):

o Conduct penetration testing on Android and iOS applications using static and dynamic analysis techniques.

o Assess mobile app security for potential vulnerabilities like insecure data storage, improper SSL/TLS implementations, and weak encryption.

o Provide guidance to mobile app development teams on secure coding best practices.

● Web Security:

o Perform comprehensive security testing of web applications, including OWASP Top 10

vulnerabilities, security misconfigurations, and business logic flaws.

o Ensure secure configuration and hardening of web servers, firewalls, and application servers.

● Incident Response & Threat Management:

o Lead incident response efforts, including threat identification, mitigation, and forensic investigation.

o Conduct risk assessments, analyzing attack patterns, TTPs (Tactics, Techniques, and Procedures), and implement countermeasures.

o Participate in cybersecurity drills and prepare reports on the effectiveness of defenses.

● Security Compliance & Policy Development:

o Assist in developing, implementing, and maintaining security policies, procedures, and best practices across the organization.

o Ensure compliance with industry standards such as PCI-DSS, HIPAA, GDPR, and others.

o Work closely with legal and compliance teams to ensure data protection regulations are met across all environments.

● Collaboration & Training:

o Provide security training and awareness sessions to development and operations teams.

o Collaborate with DevOps teams to implement DevSecOps methodologies and ensure continuous security integration within the CI/CD pipeline.

o Conduct red team exercises and penetration testing scenarios, briefing teams on the outcomes and helping them implement improvements.

Required Skills and Qualifications:

● Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a

related field. A master's degree is a plus.

● Certifications (Preferred but not required):

o CEH (Certified Ethical Hacker)

o OSCP (Offensive Security Certified Professional)

o CISSP (Certified Information Systems Security Professional)

o CISM (Certified Information Security Manager)

o GPEN (GIAC Penetration Tester)

o CompTIA Security+

● Technical Skills:

o Penetration Testing Tools: Proficient with tools like Metasploit, Burp Suite, Wireshark, Nmap, Nessus, or OpenVAS.

o Cloud Security: In-depth knowledge of cloud security frameworks and tools for AWS, GCP, and Azure.

o Mobile Security: Experience with mobile security frameworks, and tools like Drozer, MobSF, FRIDA or similar.

o API Security: Understanding of API security testing, OAuth, JWT, and encryption techniques.

o Web Security: Experience with SAST/DAST tools like ZAP, Veracode, or SonarQube for web security assessments and code reviews.

o Network Security: Knowledge of network security monitoring and firewall management.

● Experience:

o 7-8 years of experience in information security, penetration testing, or vulnerability management.

o Extensive experience with cloud platforms (AWS, Azure, GCP), securing APIs, and mobile application security.

o Extensive experience in Mobile (iOS & Android) Pen testing, Web & Apis Pen testing.

o Experience in Securing the CI/CD Pipelines.

o Must have experience working with PCI-DSS Compliance.

o Strong knowledge of security protocols, cryptography, authentication mechanisms, and data protection.