Security Engineer - OWASP

Responsibilities :

- Conduct deep-dive penetration testing and red team simulations on web, mobile, cloud, APIs, and thick client systems.

- Perform proactive threat modeling during product development to identify design-stage risks.

- Build custom scripts/tools and automate offensive security workflows.

- Report technical findings with clear, actionable remediation strategies.

- Collaborate with engineering and product teams to embed offensive security into the SDLC.

- Stay updated on the latest threat techniques, CVEs, exploits, and red team tooling.

Requirements :

- 5+ years in offensive security, penetration testing, or red teaming.

- Experience with OWASP Top 10 ASVS, MITRE ATT and CK, and threat modeling frameworks.

- Hands-on with cloud platforms (AWS/GCP/Azure), thick clients, and secure app architecture.

- Proficiency in scripting (Python, Go, Bash) and tools like Burp Suite, ZAP, Metasploit, and

Cobalt Strike.

- Strong communication and reporting skills for both technical and business audiences.

Additional Skills :

- Experience in ecommerce or AI/ML-driven platforms.

- Prior work in vulnerability research, CVE publication, or exploit development.

- Certifications : OSCP, OSWE, OSEP, CRTO, or cloud security certs.

- Contributions to open-source tools, blogs, or conferences in the infosec community.