Staff SecOps Consultant - Afternoon Shift

Company Overview

10Pearls is an end-to-end digital technology services partner helping businesses utilize technology as a competitive advantage. We help our customers digitalize their existing business, build innovative new products, and augment their existing teams with high-performance team members. Our broad expertise in product management, user experience/design, cloud architecture, software development, data insights and intelligence, cybersecurity, emerging tech, and quality assurance ensures that we are delivering solutions that address business needs. 10Pearls is proud to have a diverse clientele including large enterprises, SMBs, and high-growth startups. We work with clients across industries, including healthcare/life sciences, education, energy, communications/media, financial services, and hi-tech. Our many long-term, successful partnerships are built upon trust, integrity, and successful delivery and execution.

Role

We are looking for a Staff SecOps Engineer, Ideal candidate should have experience or exposure to penetration testing tools such as Metasploit, Burp Suite, Nmap, Maltego, MOBSF, FRIDA, cydia etc.

Responsibilities

• Plan and create penetration testing methods, scripts and tests 
• Experience in security operation center tools like SIEM, Splunk, Wazuh etc.
• Should be familiar with multiple SAST,DAST & SCA tools
• Think critically about complex problems and situations. 
• Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).
• Develop novel attack vectors based on newly discovered vulnerabilities.
• Develop home-grown software solutions and utilities for computer network attack (CNA) and computer network defense (CND).
• Apply industry standards and best practices including the Penetration Testing Execution Standard (PTES) and the Mitre Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.  Experience in information security audits, risk assessments and compliance procedures.
• Carry out black box and white box penetration testing of client’s network, infrastructure to expose weaknesses in security.
• Able to hack into web applications that are vulnerable to attacks. Specially OWASP top 10 and CWE top 25 vulnerabilities
•  Advance level knowledge of mobile application penetration testing specially using FRIDA, DROZER and XPOSED framework.
•  Advance level knowledge of API testing. Good command in request interception of REST & SOAP APIs. • Able to perform chained attacks, privilege escalation, and lateral movement