Associate Architect, Information Security

Senior Penetration Tester with strongDevSecOpsexpertise

Key Responsibilities:

Offensive Security & Penetration Testing

• Lead and perform advanced penetration testing across:
• Web, mobile (iOS/Android), and desktop/thick client applications
• APIs (REST,GraphQL, SOAP) with focus on business logic vulnerabilities
• Internal/external networks and hybrid infrastructure (on-prem and cloud)
• Execute red team engagements simulating real-world adversaries (APT-style)
• Targeting Windows Active Directory, Linux systems, and cloud platforms (AWS, Azure, GCP)
• Employing post-exploitation, lateral movement, and persistence techniques
• Build andmaintainoffensive infrastructure (C2 servers, phishing platforms)
• Develop proof-of-concept exploits and adversary emulation scenarios
• Deploy andmonitorhoneypots/honeynets for threat detection andbehavioranalysis

DevSecOps& Secure SDLC

• Integrate security tools (SAST, DAST, SCA,IaCscanning) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI/CD)
• Automate security testing and policy enforcement in the development lifecycle
• Collaborate with DevOps and developers to implement secure coding practices and remediation workflows
• Build custom scripts/tools for security automation (Python, Bash, PowerShell)
• Monitor and harden containerized and cloud-native infrastructure (Docker, Kubernetes, serverless)
• Support security gate controls and compliance checks across release pipelines

Reporting, Documentation & Communication

• Deliver detailed technical reports and executive summaries of findings
• Present findings to cross-functional stakeholders including engineering and executive leadership
• Provideactionable remediation guidance with risk prioritization
• Develop technical documentation, threat playbooks, and attack narratives

Leadership, Collaboration & Mentorship

• Mentor junior penetration testers and review their assessments
• Lead purple teaming exercises to bridge offensive and defensive capabilities
• Collaborate with blue teams to enhance detection and response
• Conduct knowledge sharing sessions and internal capability development
• Stay current with threat landscape, tools, and techniques

Required Qualifications:

Experience & Background

• 810 years in cybersecurity with primary focus on penetration testing and red teaming
• At least 2 years hands-on experience integrating security in CI/CD andDevSecOpsenvironments
• Proven leadership in complex offensive security engagements

Technical Skills

Offensive Security:

• Advanced penetration testing of web, mobile, and thick client apps
• Red teaming, lateral movement, and post-exploitation in enterprise environments
• API security testing and exploitation

Tooling & Platforms:

• Burp Suite, OWASP ZAP, Metasploit, Cobalt Strike,BloodHound, Empire, Sliver
• Nessus, Nmap,Trivy, AWS Inspector, Azure Defender, GCP SCC
• GitHub Actions, Jenkins,GitLabCI/CD, Docker,Kubernetes

Scripting & Automation:

• Proficient in Python, Bash, PowerShell (Go or Ruby a plus)
• Automation of penetration testing tasks and CI/CD integration

Cloud & Infrastructure:

• Hands-on experience in AWS, Azure, GCP environments
• Active Directory attack techniques (e.g.,Kerberoasting, Golden Ticket)
• Container and cloud-native attack simulation

Security Frameworks:

• Deep knowledge of OWASP Top 10, MITRE ATT&CK, PTES, STRIDE, PASTA
• Familiarity with threat intelligence and APT tactics

Preferred Qualifications:

Certifications

• One or more of the following:

• OSCP

  (Offensive Security Certified Professional)

• CPENT

  ,

  GIAC

  (GPEN, GXPN, GCPN, GWAPT, GMOB)

• CEH

  (Certified Ethical Hacker)

Specialized Skills

• Purple teaming and detection tuning
• Cloud-native and serverless security testing
• Honeypot/honeynet development
• Malware analysis fundamentals
• Threatmodeling(STRIDE, OCTAVE)
• Experience with regulatory frameworks (NIST, PCI DSS, HIPAA, GDPR)

Personal Attributes

• Strong problem-solving and critical thinking skills
• Excellent verbal and written communication, including reporting to technical and non-technical audiences
• Ability to lead, mentor, and collaborate effectively across teams
• Passion for offensive security, continuous learning, and responsible disclosure
• Adaptability to fast-paced, evolving threat environments