We looking for a skilled Security Engineer with expertise in securing web and mobile applications, as well as identifying vulnerabilities across both application and infrastructure layers. This role is perfect for someone with a “hacker mindset” who enjoys uncovering vulnerabilities in web applications, APIs, and infrastructure. The ideal candidate is proactive, self-motivated, and committed to enhancing the security of our platforms by identifying and addressing vulnerabilities.

Responsibilities:

• ● Conduct in-depth vulnerability assessments and penetration tests on web applications, APIs, infrastructure, and cloud environments to identify high-risk vulnerabilities.
• ● Simulate attacker methods on both our applications and infrastructure to expose and assess real-world risks, developing realistic exploitation scenarios.
• ● Collaborate closely with engineering teams to prioritize and remediate vulnerabilities in both application and infrastructure components.
• ● Provide actionable recommendations for improving application and infrastructure security and assist teams in implementing these enhancements.
• ● Stay current on the latest security threats, vulnerabilities, and attack vectors across application and infrastructure domains.
• ● Develop secure coding, configuration, and deployment practices across both applications and infrastructure.

● Document security findings clearly, ensuring that both technical and non-technical audiences understand the issues and solutions.

Skills & Qualifications:

• ● Experience: 6-10 years in a Security Engineer, Penetration Tester, or similar role focused on both application and infrastructure security.
• ● Certifications: Relevant certifications in ethical hacking, penetration testing, or security engineering are highly desirable.
• ● Technical Expertise: Proficient in identifying and exploiting vulnerabilities across web applications and infrastructure, including common attack vectors such as SQL Injection, Cross-Site Scripting (XSS), insecure configurations, and network misconfigurations.
• ● Programming & Scripting: Proficiency in at least one programming or scripting language (e.g., Python, JavaScript, Bash, or PHP).
• ● Tools: Experience with security tools for both applications and infrastructure, including Burp Suite, Metasploit, Nmap, AWS Security Hub, and similar tools for cloud and network security.
• ● Cloud & Infrastructure Knowledge: Familiarity with security best practices for AWS and container security (e.g., Docker, Kubernetes).
• ● Self-Starter: Highly self-motivated, thrives on independent research, and continuously seeks out new challenges.
• ● Team Impact: Effective communication and collaboration skills, with a strong ability to advocate for security and influence cross-functional teams.
• Preferred Requirements:
• ● Regular engagement in bug bounty programs or responsible disclosure programs in personal time, with proven success in reporting vulnerabilities.
• ● Experience in securing infrastructure environments, cloud networks, and virtualized systems.
• ● A track record of independent security projects and active participation in security communities.
• ● Passion for fostering a proactive security culture across both application and infrastructure teams.