Job Summary:

The role is responsible for proactively identifying vulnerabilities in IT infrastructure, applications, and systems through penetration testing and vulnerability assessments. This role also involves engaging in purple team activities, collaborating closely with defensive security teams to enhance detection, response, and mitigation capabilities.

Key Responsibilities:

1. Penetration Testing and Vulnerability Assessment:
   • Conduct comprehensive penetration testing across internal and external infrastructure, web applications, mobile applications, APIs, networks, and cloud environments.
   • Identify, document, and communicate vulnerabilities, risks, and mitigation strategies effectively to relevant stakeholders.
2. Purple Teaming Activities:
   • Actively engage in collaborative purple teaming exercises with defensive teams to test, evaluate, and enhance detection and response capabilities.
   • Recommend improvements to defensive mechanisms based on attack simulations and threat modeling exercises.
3. Security Reporting and Documentation:
   • Prepare detailed technical reports on security assessments, clearly articulating vulnerabilities, risks, potential impacts, and recommended remediation actions.
   • Maintain detailed records of testing methodologies, findings, remediation statuses, and improvement recommendations.
4. Tool and Technique Management:
   • Maintain expertise in penetration testing tools, methodologies, and tactics.
   • Continually improve the effectiveness and sophistication of penetration testing methodologies, adapting to emerging threats and vulnerabilities.
5. Incident Response Support:
   • Assist in security incident response activities as needed, providing insights derived from offensive testing exercises.
   • Support root-cause analyses and recommend preventive measures to strengthen overall security posture.
6. Collaboration and Training:
   • Collaborate closely with information security, IT, and business teams to remediate identified vulnerabilities effectively.
   • Provide training, mentorship, and awareness sessions to internal teams on penetration testing findings, methodologies, and purple team collaboration.
7. Continuous Professional Development:
   • Keep current on industry trends, security research, vulnerabilities, exploits, and new testing methodologies.
   • Attend professional security conferences, training sessions, and certification courses as relevant.

Education

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.
• Certifications such as OSCP, GPEN, GWAPT, CEH, or equivalent are strongly preferred.

Experience

• 3-6 years of hands-on experience in penetration testing, vulnerability assessments, and security testing.
• Experience with purple team exercises or collaboration with defensive cybersecurity teams.
• Understanding of application security, CI/CD pipelines, and software development processes would be a plus.

Skills and Competencies:

• Proficiency in penetration testing frameworks, tools (e.g., Burp Suite, Metasploit, Kali Linux), and scripting languages (Python, PowerShell, Bash).
• Strong technical understanding of security controls, vulnerabilities, exploits, and mitigation strategies.
• Excellent communication and interpersonal skills, including the ability to explain complex security issues to non-technical stakeholders.
• Analytical mindset and attention to detail.
• Ability to operate effectively in a dynamic, fast-paced environment.