Security Engineer - OWASP

<p><p><b>Responsibilities : </b><br/><br/>- Conduct deep-dive penetration testing and red team simulations on web, mobile, cloud, APIs, and thick client systems.<br/><br/></p><p>- Perform proactive threat modeling during product development to identify design-stage risks.<br/><br/></p><p>- Build custom scripts/tools and automate offensive security workflows.<br/><br/></p><p>- Report technical findings with clear, actionable remediation strategies.<br/><br/></p><p>- Collaborate with engineering and product teams to embed offensive security into the SDLC.<br/><br/></p><p>- Stay updated on the latest threat techniques, CVEs, exploits, and red team tooling.<br/><br/><b>Requirements : </b><br/><br/>- 5+ years in offensive security, penetration testing, or red teaming.<br/><br/></p><p>- Experience with OWASP Top 10 ASVS, MITRE ATT and CK, and threat modeling frameworks.<br/><br/></p><p>- Hands-on with cloud platforms (AWS/GCP/Azure), thick clients, and secure app architecture.<br/><br/></p><p>- Proficiency in scripting (Python, Go, Bash) and tools like Burp Suite, ZAP, Metasploit, and </p><p>Cobalt Strike.<br/><br/></p><p>- Strong communication and reporting skills for both technical and business audiences.<br/><br/><b>Additional Skills : </b><br/><br/>- Experience in ecommerce or AI/ML-driven platforms.<br/><br/></p><p>- Prior work in vulnerability research, CVE publication, or exploit development.<br/><br/></p><p>- Certifications : OSCP, OSWE, OSEP, CRTO, or cloud security certs.<br/><br/></p><p>- Contributions to open-source tools, blogs, or conferences in the infosec community.<br/></p><br/></p> (ref:hirist.tech)