Location: Karachi, Pakistan
Workplace type: Hybrid
Core Responsibilities:
Conduct VAPT (Vulnerability Assessment and Penetration Testing) on web and mobile applications, as well as on infrastructure, to identify and assess security risks.Collaborate with development teams on remediation of identified vulnerabilities, ensuring SSDLC (Secure Software Development Lifecycle) practices are followed.Verify that cloud applications and infrastructure comply with defined security policies.Integrate and implement all systems with the SIEM solution for continuous monitoring of critical infrastructure, systems, and applications.Perform threat monitoring and produce regular security reports.Stay current with emerging threats and recommend appropriate mitigation measures.Work with cross-functional teams to apply security best practices across projects and initiatives.
Requirements:In-depth knowledge of information security principles and best practices.Proficient in security frameworks such as OWASP, PTES, SANS, CIS-18, and NISTKnowledge of Security testing tools such as Burp Suite, Nessus, Rapid7, OpenVAS and other relevant ones.Experience in conducting VAPT of Cloud Infrastructure, Web/Mobile Apps, and APIs.Bachelor's degree in Computer Science, Information Security, or a related field.Minimum 2+ years of experience in information security.Relevant security certifications such as CEH, CySA+, OSCP, or EC-CSA are preferred.
