Lead Administrator (Tools & Automation)
Job Summary
This role is responsible for identifying, assessing, and mitigating security vulnerabilities across enterprise environments while also simulating real-world cyberattacks through Red Teaming exercises. The objective is to proactively strengthen the organization’s security posture by combining defensive (VM) and offensive (Red Team) capabilities.
Key Responsibilities
1. Vulnerability Management
Perform regular vulnerability scans across infrastructure, applications, and endpoints
Analyze scan results, prioritize risks based on severity (CVSS), and recommend remediation
Coordinate with IT and application teams for patching and vulnerability closure
Track remediation progress and ensure timely closure within SLA

2. Red Teaming / Offensive Security
Conduct Red Team exercises to simulate real-world attack scenarios
Perform penetration testing (network, web, cloud, endpoints)
Identify security gaps in detection and response mechanisms
Execute phishing simulations and social engineering assessments (where applicable)

3. Security Assessment & Risk Analysis
Identify security weaknesses and provide actionable risk mitigation strategies
Perform root cause analysis for critical vulnerabilities
Validate the effectiveness of existing security controls

4. Tools & Technology Management
Work with vulnerability scanning tools (Qualys, Nessus, Rapid7, etc.)
Use penetration testing tools (Burp Suite, Metasploit, Nmap, Cobalt Strike, etc.)
Support security monitoring tools and SIEM integration (ArcSight, Splunk, etc.)

5. Reporting & Governance
Prepare detailed vulnerability assessment and Red Team reports
Provide executive summaries with risk ratings and remediation plans
Track metrics such as vulnerability trends, MTTR, and risk exposure

6. Incident & Detection Validation
Validate SOC detection capabilities through Red Team engagements
Test incident response processes and identify gaps
Work closely with Blue Team for threat detection improvement

7. Stakeholder Management
Collaborate with application owners, infrastructure teams, and security teams
Present findings to leadership and recommend remediation strategies
Support audits and compliance requirements (ISO, PCI-DSS, etc.)

8. Automation & Continuous Improvement
Automate vulnerability scanning, reporting, and tracking processes
Enhance Red Team methodologies and attack simulations
Improve overall security posture through continuous assessments

9. Security Compliance & Standards
Ensure alignment with security frameworks (NIST, CIS, ISO 27001)
Support audit readiness and compliance reporting
Maintain documentation of vulnerabilities and testing activities
Skill Requirements
Strong understanding of Vulnerability Management lifecycle
Hands-on experience in penetration testing & Red Teaming
Knowledge of network, application, and cloud security
Familiarity with CVSS scoring, threat modeling, and risk assessment
Knowledge of security tools (Qualys, Nessus, Burp Suite, Metasploit, etc.)
Good understanding of SIEM, SOC, and detection mechanisms
Other Requirements
Preferred Certifications
CEH, OSCP, OSWE, GPEN, GWAPT
CISSP / CISM (for broader security governance)
Relevant vendor certifications (Qualys, Rapid7, etc.)
Why HCLTech?
At HCLTech, you'll supercharge your potential. You'll find your career. And you'll find your spark. All at a place that knows that helping its customers stay on top starts by putting its people first.
HCLTech is a global technology company, home to more than 226,300 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending December 2025 totaled $14.5 billion.
Benefits
At HCLTech, we believe in empowering our employees with comprehensive benefits that support their professional growth and enhance their well-being. When you sign up for a career with us, you gain access to:
Industry-benchmarked compensation
Best-in-class healthcare benefits
Personal time off
Maternity and paternity benefits
Access to skills / higher education programs/resources
Discounts on products and services via Benefit Box
Participate in CSR programs and live life with a purpose
Opportunities to grow and advance your career
Note: The benefits listed above vary depending on the nature of your employment and the country where you work. Some benefits may be available in some countries but not in all.

