Purpose
The Senior Security Engineer works within the global information security function and will be responsible for infrastructure and application pentesting, which includes Dynamic Application Security Testing, API pentesting, and manual application and infrastructure pentesting. The candidate will be responsible for ensuring the security and integrity of applications and their underlying infrastructure.
Responsibilities:
• Perform Application Security Assessment and Pentest for AI models, interfaces, and data pipelines (e.g., prompt injection, model inversion, jailbreaking, Agentic behaviour Limit etcetera)
• Perform application security testing and Pentest – Dynamic web/mobile Application Security Testing and API Security Testing
• Identify vulnerabilities/misconfigurations in network devices, servers, firewalls, Cloud and other infrastructure components
• Perform Social Engineering, IOT/OT, Wireless, Active Directory and Web/Mobile Application Penetration Testing
• Design and simulate end to end Pentest exercise to identify gaps in process and systems that a threat attacker can exploit to gain unauthorized access
• Identify misconfigurations, AD flaws and perform exploitative Pentest
• Perform Red team activities and work with blue teams to validate detection and response capabilities
• Assess vulnerabilities and classify them based on the impact assessment
• Collaborate with Dev team and drive remediation - tracking vulnerabilities and remediation progress
• Participate in daily standups and provide cybersecurity updates
Business Strategy
• Possess deep functional knowledge & work as subject matter expert as needed
• Expertise to coach & demonstrate know how as needed
Change Management
• Change agent with strong credibility and influence team
Relationship Management
Work closely with the respective stakeholders. Collaborate and build strong relationships with functional teams to ensure the required support for vulnerability remediation and enhancement of processes.
Excellent collaboration skills and the ability to influence team members
VS&Co provides a range of compensation for this role as shown. Your actual salary will be determined by a number of factors, including: your specific skills and experience, geographic region, or other relevant factors.
Qualifications:
Education & Skill
• Bachelor’s degree in Information Technology/Information Security or equivalent experience in technology
• Security certifications preferred such as:
  • GIAC Web Application Penetration Tester (GWAPT)
  • EC-Council Certified Penetration Tester (CPENT)
  • Offensive Security Certified Professional (OSCP)
Work Experience:
• 5-8 years of experience in Infrastructure and Application Security Penetration Testing
• Fair understanding of AI deployment model, underlying infrastructure and related security
• Thorough understanding of OWASP AI Pentest guidelines, OWASP LLM Top 10 and MITRE ATLAS and other relevant AI security frameworks
• Experience in using different Penetration Testing Tool framework
• Experience in infrastructure Penetration Testing – Active Directory, Perimeter Devices, OT/IOT systems, Wireless devices etcetera
• Good understanding of OWASP Top 10 vulnerabilities and MITRE ATT&CK Framework
• Strong verbal and written communication skills
• Ability to communicate technical issues to non-technical audiences