Conducting vulnerability assessments and penetration testing to identify security weaknesses across infrastructure and applications.
Perform offensive security activities, including red teaming exercises, to simulate real-world cyber-attacks and evaluate the effectiveness of defensive measures.
Knowledge of current attack methods, manual penetration testing techniques, tools (e.g., Nessus, Nmap, Metasploit, Kali Linux, Sonar, Burp Suite etc.).
Staying current with new attack vectors and tools, and incorporating them into testing procedures
Work closely with the cross-domain teams to resolve security issues and suggest appropriate fixes.
Documenting and reporting findings, including recommendations for remediation and liaising with internal stakeholders for closure.
In-depth knowledge of OWASP Top 10 and OWASP API Top 10 security concepts, along with common application security risks.
Perform in-depth manual and automated static secure code analysis with open source and commercial tools.
Automate common testing techniques to improve efficiency and write technical and executive reports.
Any other related duty assigned by Line Manager/HOD Information Security.
