Location : Kochi

Role Summary :

The Lead - Offensive Security is a key member of the Security Assurance Team, responsible for evaluating, testing, and enhancing Lulu Retail's cybersecurity posture. The role plays a critical part in strengthening IT security, improving cyber resilience, and supporting regulatory compliance across cloud and on-premise environments.

Key Responsibilities :

Offensive Security Testing

Plan, execute, and manage periodic offensive security activities, including :

- Vulnerability Assessments

- Penetration Testing (internal & external)

- Wi-Fi Security Testing

- Network Segmentation Testing

- PCI-DSS ASV Scans

- Active Directory Security Audits

- Red Teaming / Adversary Simulation

Cloud & Infrastructure Security :

- Perform cloud security assessments for AWS and Azure, identifying misconfigurations, insecure architecture, and policy gaps.

- Evaluate endpoint, network, and application security controls.

Vulnerability & Risk Management :

- Conduct CVE analysis, risk scoring, and prioritization.

- Track remediation progress and verify vulnerability closure.

- Ensure all security testing aligns with compliance requirements and internal security standards.

Collaboration & Advisory :

Work closely with development, DevOps, infrastructure, and IT support teams to:

- Explain identified vulnerabilities

- Recommend mitigation strategies and best practices

- Support secure design and implementation

- Lead meetings with asset owners and project teams to ensure timely remediation.

Reporting & Documentation :

Prepare detailed technical and executive-level security assessment reports.

- Document findings, recommendations, and remediation timelines.

Required Qualifications :

Education : Bachelor's degree in Computer Science, Information Security, or a related discipline.

Experience :

- Minimum 3 years of hands-on experience in cybersecurity, penetration testing, or offensive security roles.

Certifications (Preferred) :

- CEH

- ECSA

- CHFI

- Other recognized offensive security or penetration testing certifications (e.g., OSCP, OSWP, OSCE, GPEN).

Technical Skills :

Strong understanding of :

- Penetration Testing methodologies

- Vulnerability Assessment & Patch Management

- Advanced cyber threats and mitigation techniques

Proficiency with IT security tools/platforms :

- Anti-malware, Firewalls, IDS/IPS, DLP

- Web Proxies, Email Security

- Cloud Security (AWS & Azure)

- Privileged Access Management

- IAM & Identity Security

Experience with frameworks/standards :

- OWASP

- NIST 800-64

- PCI-DSS

- ISO 27001

- GDPR

Soft Skills :

- Excellent communication and stakeholder-management skills

- Strong analytical and problem-solving abilities

- Solid organizational and time-management skills

- Ability to work well independently as well as collaboratively within a team