hirist

Job Description

Description :

We seek an experienced Application Security Expert to join our Red Team. The role involves identifying and exploiting vulnerabilities across applications and IT environments, simulating real-world cyberattacks, performing advanced penetration testing, and providing security insights throughout the SDLC.

Key Responsibilities :

- Conduct full-scope red team engagements across web, mobile, cloud, network, and physical domains.

- Perform adversary emulation using MITRE ATT&CK and threat intelligence.

- Use and develop custom exploits and offensive tools (Cobalt Strike, Metasploit, Burp Suite, Kali).

- Execute covert social engineering and physical security tests.

- Exploit vulnerabilities and test detection/response capabilities.

- Test web/mobile apps, APIs, cloud (AWS/Azure/GCP), networks, containers, Kubernetes, and CI/CD.

- Identify complex vulnerabilities (logic flaws, auth issues, deserialization, privilege escalation).

- Provide detailed remediation-focused reports.

- Perform security assessments on AI/ML systems, including Large Language Models (LLMs), prompt injection testing, model abuse, data leakage risks, and adversarial attacks.

- Work with dev, DevOps, and security teams to embed security testing early.

- Influence secure design and promote security awareness.

- Retest fixes and automate testing workflows.

- Prepare technical reports and executive summaries; present findings to teams and leadership.

Required Skills & Qualifications :

- 6 - 8 years in application security, penetration testing, or red teaming.

- Expertise with offensive tools (Metasploit, Burp Suite, Cobalt Strike, Kali).

- Strong exploitation skills across web, network (Kerberos, SMB, LDAP), and cloud (IAM, misconfig).

- Proficient in Python, Java, C/C++, PowerShell, or Bash.

- Strong understanding of web architecture, AI, LLM, API security, networking, cloud security, containers, and CI/CD.

Certifications :

- OSCP - Required

- OSCE / OSWE - Highly preferred

- CEH, GWAPT, OSEP, CRTO - Preferred

