What you'll do:
- Conduct cloud infrastructure and application vulnerability assessment in an agile cloud development environment using open-source and commercial tools
- Validate and triage identified vulnerabilities and application security defects
- Track remediation efforts of triaged vulnerabilities to their completion
- Contribute to the development and maintenance of vulnerability management tools and CI/CD integrations
- Provide technical documentation to development teams describing vulnerabilities and impact
- Create and maintain documentation as it relates to vulnerability management and penetration testing processes, standards, and recommendations
- Perform penetration testing of web applications, APIs, thick clients, mobile applications, on-prem, and SaaS services following OWASP methodologies
- Research and develop proofs of concept on publicly available exploits for known/0-day vulnerabilities
What you'll bring:
- Minimum 3 years of experience in vulnerability management and penetration testing
- Hands-on experience managing:
  - Vulnerability scanning tools
  - Container and dependency (OSS libraries) scanning tools
  - Docker and Kubernetes
  - Security administration in AWS and Azure
  - CI/CD and DevOps Tooling (Git, Jenkins, CircleCI)
  - Infrastructure as code tools (Ansible, CloudFormation, Terraform)
- Experience in agile methodologies with secure software development life-cycle involving SAST & DAST tools (Coverity, CodeQL, SonarQube, Contrast)
- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (reverse proxies, WAF), DNS Security, DoH & DoT
- Experience working with a POSIX system such as Linux or macOS
- Familiarity with Shell Scripts, Python or Golang is a major plus
- Good understanding of cyber security frameworks like OWASP, SANS, NIST, CIS, etc.
- One or more security certifications CEH, CISA, GSEC, OSCP, CISSP, etc.
- Excellent verbal and written communication skills with strong attention to detail
- MS/M.tech or BE/BS/B.tech in Computer Science or related field, or equivalent work experience required
What success looks like:
In the first six months, you will
- Understand the scope of Infoblox products, cloud infrastructure, and SaaS services that require vulnerability assessment and penetration testing
- Reach proficiency with process and procedures laid out for the team in delivering best-in-class cyber security services
- Build knowledge and hands-on experience on cutting-edge technologies
- Understand the team of engineers and the current state
After the first year, you will
- Be an independent key contributor to the team
- Participate in rotational watchdesk responsibilities as applicable
- Provide recommendations for security posture improvements
- Identify emerging security threats and trends