Principal Security Engineer

• Lead penetration testing, vulnerability assessments, and threat modeling activities against internal and external systems, applications, and infrastructure.
• Define objectives and scope of penetration testing activities within an ethical and legal framework.
• Design and execute comprehensive test plans covering functional, non-functional, and security aspects.
• Develop and implement effective security testing methodologies and best practices, ensuring alignment with industry best practices and compliance requirements.
• Identify, prioritize, and report security vulnerabilities: Analyze discovered vulnerabilities, assess their impact, and recommend effective remediation strategies.
• Research, and evaluate current vulnerabilities, provide remediation and configuration guidance.
• Develop and maintain automated test scripts using various testing frameworks and tools.
• Collaborate with stakeholders to develop remediation strategies.
• Foster a culture of learning and development within the team by sharing expertise.

• Implementing frameworks like MITRE ATT&CK and PTES to design realistic attack scenarios and exploit complex vulnerabilities.
• Identify, log, and report security flaws effectively, providing detailed steps to reproduce.
• Conduct penetration tests against various systems and applications, including web applications, APIs, infrastructure, and cloud environments.
• Conduct post-exploitation activities and assess potential consequences to product owners and stakeholders.
• Prioritize vulnerabilities based on risk and recommend comprehensive remediation strategies.
• Prepare and present security reports and findings to management and stakeholders.
• Collaborating with developers, product owners, and stakeholders to communicate security findings, recommend remediation actions.
• Maintain accurate and up-to-date documentation of Document testing procedures, findings, and recommendations.

• Bachelor's degree in Computer Science, Information Security, or related field.
• 12+ years of experience in security testing, with at least 6 years of experience with Penetration Testing.
• Experience with industry-standard security testing tools and methodologies (e.g., Burp Suite, Metasploit, Kali Linux, OWASP, CWE, MITRE ATT&CK).
• Experience working with GitHub, CI/CD technology, shift-left tools, and application security workflow.
• Knowledge of relevant security standards and regulations (e.g., PCI DSS, HIPAA).
• Strong scripting and programming skills (e.g., Python).
• Experience with cloud security assessments (Azure).
• Experience with red teaming and social engineering techniques.
• Excellent communication, collaboration, and interpersonal skills.
• Ability to work independently and take ownership of projects.
• Additional certifications, such as CISSP, OSCP, or CEH, are a plus.

Providence India