Job Description
JOB SUMMARY:
We are looking for a Cybersecurity Engineer with hands-on experience in Vulnerability Assessment and Penetration Testing (VAPT), Web & Network Security, Cloud Security, Security Hardening, and Reconnaissance (Recon) techniques. The ideal candidate should be proficient with Burp Suite, security assessment tools, and cybersecurity solutions while also being familiar with industry-standard security frameworks and compliance requirements.
The role involves identifying vulnerabilities, performing security assessments, conducting penetration testing activities, securing applications and networks, validating remediation measures, and supporting the organization’s overall cybersecurity posture.
KEY RESPONSIBILITIES:
1. RECONNAISSANCE & INFORMATION GATHERING
Perform passive and active reconnaissance to gather target information.
Utilize tools like Amass, Subfinder, Assetfinder, Shodan, and Google Dorking.
Perform OSINT (Open-Source Intelligence) analysis using WHOIS, DNS enumeration, and certificate transparency logs.
Identify exposed assets, subdomains, and potential security risks.
2. VULNERABILITY ASSESSMENT & PENETRATION TESTING (VAPT)
Conduct Web Application, API, and Network penetration testing.
Use Burp Suite, OWASP ZAP, Acunetix, Nessus, and Metasploit for security testing.
Perform manual and automated security assessments to detect OWASP Top 10 risks and other vulnerabilities.
Validate vulnerabilities through manual testing and proof-of-concept exploitation where applicable.
Generate detailed security reports with risk analysis and remediation recommendations.
3. NETWORK & CLOUD SECURITY
Perform network security assessments using Nmap, OpenVAS, Wireshark, and related security tools.
Conduct firewall audits, VPN security analysis, and security hardening reviews.
Assess AWS, Azure, and Kubernetes environments for security weaknesses and misconfigurations.
Support implementation of security best practices across infrastructure and cloud environments.
4. SECURITY ENGINEERING & RISK MANAGEMENT
Conduct vulnerability management and remediation validation activities.
Participate in security architecture reviews and risk assessments.
Assist teams in implementing secure configurations and cybersecurity best practices.
Ensure alignment with OWASP, NIST, ISO 27001, CIS Benchmarks, and other security standards.
Develop and maintain security recommendations for applications, infrastructure, and cloud environments.
5. IOT SECURITY (GOOD TO HAVE)
Basic understanding of IoT device and embedded system security.
Familiarity with MQTT, CoAP, BLE, Zigbee, LoRaWAN, and Modbus protocols.
Knowledge of OWASP IoT Top 10 vulnerabilities.
Exposure to firmware analysis and IoT security testing is an added advantage.
REQUIRED SKILLS & TOOLS:
Shodan, FOCA, Google Dorking, WHOIS, OSINT tools
Burp Suite Pro, OWASP ZAP, Acunetix
API Security Testing
WAFs (Cloudflare, AWS WAF, ModSecurity)
Nmap, Nessus, OpenVAS, Wireshark, Metasploit, Snort
Firewalls, VPN Security
Azure Security Center
AWS Security Hub
Kubernetes Security (Kube-bench, Falco)
Prisma Cloud, Aqua Security, Qualys
PREFERRED CERTIFICATIONS (OPTIONAL BUT BENEFICIAL):
OSCP (Offensive Security Certified Professional)
PNPT (Practical Network Penetration Tester)
eJPT (Junior Penetration Tester)
CEH (Certified Ethical Hacker)
CompTIA Security+
AWS Security Specialty / Azure Security Engineer Associate
IMPORTANT NOTE:
This position requires a combination of Cybersecurity Engineering and hands-on Penetration Testing expertise.
This role is not intended for SOC Analysts, Security Monitoring Engineers, SIEM Administrators, or Incident Response professionals.
Interested? Apply here or drop your resume at apin.lal@gadgeon.com
No Referrers Available
There are currently no referrers available for this job. You can still apply, will let you know once there is any referrer available.
