Looking for candidates with GRC skills and a junior-level penetration testing background.
Conduct end-to-end Vulnerability Assessment and Penetration Testing (VAPT) across mobile apps (iOS/Android), cloud environments (AWS/Azure/GCP), networks, and applications for SME to enterprise clients.
Support Governance, Risk, and Compliance (GRC) activities, including assisting with risk assessments, policy reviews, and compliance documentation.
Perform mobile security testing including static/dynamic analysis (MobSF, Frida), reverse engineering, and assessment of anti-tampering controls.
Conduct host configuration reviews against CIS Benchmarks/NIST standards, identifying misconfigurations (weak permissions, default creds) and providing hardening recommendations.
Perform thorough source code reviews (SAST/manual analysis) for vulnerabilities (SQLi, XSS, logic flaws) in Java/Python/.NET/Node.js applications.
Provide expert risk prioritization (CVSS, exploitability) and remediation guidance tailored to client environments and business impact.
Deliver detailed technical reports with proof-of-concepts (PoCs), executive summaries, and actionable mitigation steps.
Conduct risk assessments on digital solutions and third parties. Identify potential risks and provide options to protect the OT critical infrastructure, ICT infrastructure, application systems and cloud environment.
Conduct compliance checks on internal controls to ensure compliance with established policies and applicable regulations.
Assist in developing policies, standards and guidelines to safeguard digital assets in adherence to business needs, industrial best practices and regulatory requirements.
Manage security projects and solution implementation activities that address cybersecurity risks.
Plan, design and conduct cybersecurity incident response workshops and exercises (table-top exercises, simulations, and drills).
Be aware of the latest industry standards and regulatory requirements, and their potential impact on cybersecurity policies, standards and procedures.
Participate in client briefings to explain findings, address concerns, and align security improvements with business goals.