Engineer/Consultant
DACTA SG PTE LTD
Job Description
- Looking for candidates with GRC skills and a junior-level penetration testing background.
- Conduct end-to-end Vulnerability Assessment and Penetration Testing (VAPT) across mobile apps (iOS/Android), cloud environments (AWS/Azure/GCP), networks, and applications for SME to enterprise clients.
- Support Governance, Risk, and Compliance (GRC) activities, including assisting with risk assessments, policy reviews, and compliance documentation.
- Perform mobile security testing including static/dynamic analysis (MobSF, Frida), reverse engineering, and assessment of anti-tampering controls.
- Conduct host configuration reviews against CIS Benchmarks/NIST standards, identifying misconfigurations (weak permissions, default creds) and providing hardening recommendations.
- Perform thorough source code reviews (SAST/manual analysis) for vulnerabilities (SQLi, XSS, logic flaws) in Java/Python/.NET/Node.js applications.
- Provide expert risk prioritization (CVSS, exploitability) and remediation guidance tailored to client environments and business impact.
- Deliver detailed technical reports with proof-of-concepts (PoCs), executive summaries, and actionable mitigation steps.
- Conduct risk assessment on digital solutions and third parties. Identify potential risks and provide options to protect the OT critical infrastructure, ICT Infrastructure, application systems and cloud environment.
- Conduct compliance checks on internal controls to ensure compliance with established policies and applicable regulations.
- Assist in developing policies, standards and guidelines to safeguard digital assets in adherence to business needs, industrial best practices and regulatory requirements.
- Manage security projects and solution implementation activities that address cybersecurity risks.
- Plan, design and conduct cyber security incident response workshops and exercises (table-top exercises, simulation, and drills)
- Be aware of latest industry standards, regulatory requirements and the potential impacts to cybersecurity policies, standards and procedures.
- Participate in client briefings to explain findings, address concerns, and align security improvements with business goals
Work Location