Algotale-Infosec Engineer

1-3 Years • Software Development & Engineering

Job Summary

Job Description

We are seeking an Application Security Engineer to perform vulnerability assessments and penetration testing on web integrations, web applications and mobile applications. Responsibilities include identifying security vulnerabilities, conducting secure code reviews, and ensuring compliance with OWASP, NIST, and ISO 27001 standards. The role requires expertise in manual and automated security testing using tools like Burp Suite, Metasploit, and Kali Linux. Key responsibilities include regular VAPT, threat analysis, risk assessment, and developing a vulnerability management program. The role also involves utilizing various VAPT tools, automating testing processes, and preparing detailed reports. Collaboration with DevOps, IT, and engineering teams to integrate security into the SDLC is crucial.
Must have:
  • Perform VAPT on infrastructure, web, API, mobile, and cloud environments.
  • Identify, triage, and exploit security vulnerabilities via SAST/DAST.
  • Use automated and manual testing for security weaknesses.
  • Perform security-focused code reviews.
  • Conduct in-depth risk assessments of identified vulnerabilities.
  • Collaborate to prioritize and remediate security issues.
  • Develop and maintain a vulnerability management program.
  • Utilize VAPT tools like Burp Suite, Nessus, Nmap, Metasploit, OWASP ZAP.
  • Create custom scripts/tools to automate testing.
  • Prepare detailed VAPT reports with risk ratings and recommendations.
  • Communicate findings to technical and non-technical stakeholders.
  • Ensure compliance with OWASP, CIS, NIST, and regulatory requirements.
  • Work with DevOps, IT, and engineering teams to address security gaps.
  • Assist teams in reproducing and addressing application security vulnerabilities.
  • Integrate security into the SDLC and provide secure coding guidance.
  • Strong hands-on experience with VAPT tools.
  • Proficiency in identifying and exploiting vulnerabilities (SQLi, XSS, RCE, SSRF, IDOR).
  • Ability to perform threat modeling.
  • Knowledge of secure coding practices and SDLC integration.
  • Experience with cloud security testing (AWS, Azure, GCP).
  • Familiarity with scripting languages (Python, Bash, PowerShell).
  • Understanding of common security frameworks (OWASP, MITRE ATT&CK, NIST).
  • Strong analytical and problem-solving skills.
Good to have:
  • Certifications: OSCP, CEH, GPEN, eCPPT, or equivalent.
  • Experience with container and Kubernetes security testing.
  • Knowledge of WAF bypass techniques and post-exploitation tactics.
  • Experience with CI/CD pipeline security testing.

Job Details

We are seeking an Application Security Engineer to perform vulnerability assessments and penetration testing on web integrations, web applications and mobile applications. Responsibilities include identifying security vulnerabilities, conducting secure code reviews, and ensuring compliance with OWASP, NIST, and ISO 27001 standards. The role requires expertise in manual and automated security testing using tools like Burp Suite, Metasploit, and Kali Linux.

Key Responsibilities:

Vulnerability Assessment & Penetration Testing:

  • Perform regular internal and external VAPT on infrastructure, web applications, APIs, mobile applications, and cloud environments.
  • Identify, triage, and exploit security vulnerabilities through static and dynamic application security testing (SAST/DAST) and report vulnerabilities with detailed proof-of-concept (PoC) documentation.
  • Use both automated and manual testing methodologies to uncover security weaknesses.
  • Perform security-focused code reviews.

Threat Analysis & Risk Assessment:

  • Conduct in-depth risk assessments of identified vulnerabilities.
  • Collaborate with teams to prioritize and remediate security issues.
  • Develop and maintain a vulnerability management program.

Tooling & Automation:

  • Utilize open-source and commercial VAPT tools such as Burp Suite, Nessus, Nmap, Metasploit, OWASP ZAP, and others.
  • Create and enhance custom scripts or tools to automate testing processes.
  • Stay updated on the latest vulnerabilities, exploits, and security trends.

Reporting & Documentation:

  • Prepare detailed VAPT reports with risk ratings, impact analysis, and remediation recommendations.
  • Communicate findings to technical and non-technical stakeholders.
  • Ensure compliance with industry standards (e.g., OWASP, CIS, NIST) and regulatory requirements.

Collaboration & Continuous Improvement:

  • Work closely with DevOps, IT, and engineering teams to address security gaps.
  • Assist teams in reproducing, triaging and addressing application security vulnerabilities.
  • Work closely with developers to integrate security into the software development lifecycle, providing guidance on secure coding practices.
  • Contribute to security awareness programs by sharing insights from VAPT exercises.
  • Support red team/blue team exercises, if applicable.

Required Skills

  • Strong hands-on experience with VAPT tools (e.g., Nessus, OpenVAS, Qualys, Burp Suite, Metasploit, Nmap, etc.).
  • Proficiency in identifying and exploiting vulnerabilities (SQLi, XSS, RCE, SSRF, IDOR, etc.).
  • Ability to perform threat modeling to identify potential security threats and design effective countermeasures.
  • Knowledge of secure coding practices and SDLC integration.
  • Experience with cloud security testing (AWS, Azure, GCP).
  • Familiarity with scripting languages (Python, Bash, PowerShell) for automation.
  • Understanding of common security frameworks (OWASP, MITRE ATT&CK, NIST).
  • Strong analytical and problem-solving skills.
  • 1-3 years of experience in the security domain.

Preferred Qualifications:

  • Certifications: OSCP, CEH, GPEN, eCPPT, or equivalent.
  • Experience with container and Kubernetes security testing.
  • Knowledge of WAF bypass techniques and post-exploitation tactics.
  • Experience with CI/CD pipeline security testing.


About The Company

Web3 and AI based next generation hiring platform
