The company is looking to strengthen the security of its B2B enterprise products and services by conducting pre-authorized simulated attacks to test system resilience.
Requirements
Comprehensive knowledge in Information Security practices on malware, phishing attacks, attack vectors and methods to protect against threats
Extensive Knowledge in Java ,Kotlin or C or any relevant programming language
Experience with reverse engineering tools (e.g. IDA Pro & Ghidra) , debugging tools(e.g. JTAG/SWD)
Experience in Endpoint security platforms
Experience testing Endpoint Detection & Response (EDR), Extended Detection & Response (XDR) platforms, Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR) or related products
Certifications in offensive security: OSCP or OSWA or OSWE or CRTO or BSCP or similar
Experience with Android platform, Android Apps, Backend APIs, and Cloud services
Responsibilities
Develop expertise in product solutions and execute white box and black box penetration scenarios
Plan, scope and conduct vulnerability assessment/ Penetration test on internal / external facing public assets
Research and conduct adversary simulation for known security threats and identify novel attack vectors
Conduct Threat modelling, Threat Intelligence and scoping with stakeholders
Build Test harness & required Automation suites and validate attack vectors in Threat Lab
Research and developing exploits for zero-day vulnerabilities
Vulnerability logging and tracking until closure
Other
Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent combination of education training and experience
5+ years’ experience in Penetration testing including with 2+ year experience in Android
Strong communications, documentation and reporting skills
History in cyber security competitions or CTFs
Blogpost on security research, walkthroughs or PoCs on security domain
Malware development or reverse engineering experience
