Security Engineer II - Penetration Testing

Responsibilities :

- Perform regular pentests of organizational assets.

- Managing a bug bounty program.

- Prioritize security findings and work with engineering teams in resolving them at the earliest.

- Work with third-party vendors to solve security challenges and perform pentests.

- Work on a diverse domain of information security across the organization, most importantly, infrastructure and product security.

- Develop automation for security testing in the CI/CD pipeline.

- Automate parts of infrastructure security and develop/implement security automation to reduce manual effort on a day-to-day basis.

- Run ongoing Red team exercises.

Requirements :

- 3+ years of hands-on experience with GCP workloads.

- 2+ years of hands-on experience with Vulnerability Assessment and Penetration Testing.

- Detailed working knowledge of application vulnerabilities for consumer mobile applications (Android, iOS) and API endpoints, and remediation techniques.

- Thorough understanding of OWASP Top 10 for Web, Mobile, and APIs.

- Hands-on experience with security tools such as Frida, BurpSuite, Nessus, Metasploit, etc.

- Good understanding of microservices application architecture, threat modelling, and identifying privacy issues and data leaks.

- Hacker mindset. I like to find ways to bypass systems and find vulnerabilities.

- Passion to learn new things, solve challenging problems.

- Ability to code in one scripting language (Python, Go, Java, C, etc. ).

- Ability to automate repetitive tasks.

- If you can find a high/critical vulnerability in MPL, we would be very much interested in having a chat with you, plus a bounty, of course.

- Good communication and stakeholder management skills.

Good to have :

- Actively participates in bug bounty programs and CTFs.

- Strong understanding of Mobile, Web, and microservice architecture.