Cloud Cyber Security Test Engineer

Company Description

We are a consulting company with a bunch of technology-interested and happy people!

We love technology, we love design and we love quality. Our diversity makes us unique and creates an inclusive and welcoming workplace where each individual is highly valued.

With us, each individual is her/himself and respects others for who they are and we believe that when a fantastic mix of people gather and share their knowledge, experiences and ideas, we can help our customers on a completely different level.

We are looking for you who want to grow with us!

With us, you have great opportunities to take real steps in your career and the opportunity to take great responsibility.

Requirement Details:

Our Digital Development teams are highly cross-functional with our business colleagues and customers setting the direction. As a Cloud Cyber security Tester, you will be responsible for identifying and mitigating security vulnerabilities in embedded systems and firmware across a variety of devices, including IoT devices. You will work closely with cross-functional teams, including software engineers, hardware engineers, and security analysts, to ensure the security and resilience of our products against potential threats

Your main responsibilities:

The Cloud Cyber security test engineer is, throughout the lifetime of a digital solution, accountable for:

• Perform security assessments and penetration testing on cloud and web applications to identify vulnerabilities and weaknesses.
• Develop and execute test plans, test cases, and scripts to uncover security flaws within digital software.

Conduct dynamic analysis of software to identify potential vulnerabilities.

• Collaborate with development teams to remediate identified vulnerabilities and provide guidance on secure coding practices.
• Develop and maintain security testing tools, scripts, and frameworks specifically tailored for cloud.
• Keep up-to-date with the latest security trends, vulnerabilities, attack vectors, and mitigation strategies specific to embedded systems.
• Prepare detailed technical reports, including proof-of-concept exploits, risk assessments, and recommendations for security improvements.
• Participate in security design reviews and threat modeling for new web applications.
• Work closely with security architects and security engineers
• Conduct security research on new cloud technologies, protocols, and platforms.
• Train and mentor junior team members on cloud security testing methodologies and tools.

Your Background:

• Educational Background: Bachelor's or Master's Degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
• Experience: Over 5 years of experience in red teaming, penetration testing, or cloud security, with a focus on Azure, Kubernetes, and containerized environments.
• Technical Expertise: Strong understanding of Azure Kubernetes Service (AKS), Docker security, container runtime attacks, and supply chain vulnerabilities.

Advanced Skills:

• Expertise in privilege escalation, lateral movement, and evasion techniques in Azure and containerized workloads.
• Certifications: Recommended certifications include OSCP, OSEP, CRTP, CRTE, GCPN, GXPN, AZ-500, SC-100, SC-300, CKS, CNCF Kubernetes & Cloud Native Security Certifications, and Docker Certified Associate (DCA).

Red Teaming Tools:

• Familiarity with tools like MicroBurst, StormSpotter, AzureHound, ROADtools, AADInternals, Mimikatz, Whisker, Graph API & Azure CLI, Kube-hunter, Kube-bench, Trivy, Falco, Kubeaudit, Peirates, Kubescape, Docker Bench for Security, Dive, Crunge, and Container Escape Techniques.
• Persistence & Lateral Movement: Knowledge of tools and techniques for persistence and lateral movement in Azure and Kubernetes, such as Ruler, TokenTactics, AADSpray, MailSniper, and Kubelet Attacks.
• Exploitation & Post-Exploitation: Proficiency in exploitation frameworks like Metasploit, Empire, and post-exploitation techniques in Kubernetes.
• Defensive Evasion: Skills in evasion techniques using tools like SharPersist, BOFNET, Koadic, and obfuscation methods.
• Frameworks & Compliance: Understanding of frameworks and compliance standards like MITRE ATT&CK, NIST 800-53, CIS Benchmarks, OWASP Kubernetes Security Testing Guide, and Microsoft Cloud Adoption Framework (CAF) Security Best Practices.
• Scripting & Automation: Experience with scripting and automation using PowerShell, Azure CLI, Python, Terraform, Bicep, Jenkins, and Azure DevOps.
• Advanced Techniques: Knowledge of advanced red teaming techniques such as cloud workload impersonation, abusing conditional access policies, OAuth token hijacking, cross-tenant attacks in Azure AD, hybrid AD attacks, container escape attacks, and exploiting Kubernetes API Server and Secrets

Location: Chennai, India