Job Description: Security Operations Specialist – Penetration Testing

At Iron Mountain we know that work, when done well, makes a positive impact for our customers, our employees, and our planet. That’s why we need smart, committed people to join us. Whether you’re looking to start your career or make a change, talk to us and see how you can elevate the power of your work at Iron Mountain.

We provide expert, sustainable solutions in records and information management, digital transformation services, data centers, asset lifecycle management, and fine art storage, handling, and logistics. We proudly partner every day with our 225,000 customers around the world to preserve their invaluable artifacts, extract more from their inventory, and protect their data privacy in innovative and socially responsible ways. 

Are you curious about being part of our growth stor​y while evolving your skills in a culture that will welcome your unique contributions? If so, let's start the conversation.

Job Description: Security Operations Specialist – Penetration Testing

Location: Remote India

Job Type: Full-Time

Department: Information Security / Security Operations

Job Summary

We are seeking a Security Operations Specialist – Penetration Testing to lead and manage penetration testing activities across applications, networks, and cloud environments. The ideal candidate will oversee the operation of Veracode, Mandiant Verodin, Burp Suite, OWASP tools, MITRE ATT&CK framework, Metasploit, and Nuclei, conduct penetration tests, identify critical, high, and medium vulnerabilities, and work closely with IT teams to remediate risks. Additionally, they will provide security insights to executive leadership to strengthen the organization’s cybersecurity posture.

Key Responsibilities

1. Penetration Testing & Security Assessments

• Conduct internal and external penetration tests across applications, cloud, and infrastructure.

• Utilize tools like Veracode, Burp Suite, Metasploit, and Nuclei for vulnerability identification.

• Simulate real-world attacks based on MITRE ATT&CK and OWASP methodologies.

• Perform adversary emulation and security control validation using Mandiant Verodin.

2. Vulnerability Prioritization & Remediation

• Identify and prioritize critical, high, and medium vulnerabilities based on risk impact.

• Collaborate with IT, DevOps, and cloud teams to remediate security weaknesses.

• Provide actionable recommendations for patching, hardening, and security improvements.

3. Security Reporting & Insights

• Generate detailed penetration test reports with technical findings and risk assessments.

• Communicate findings to executives and security leaders in an understandable and actionable manner.

• Track and report on remediation progress, providing periodic updates to stakeholders.

4. Security Tool Management & Optimization

• Administer, configure, and fine-tune penetration testing tools (Veracode, Mandiant Verodin, Burp Suite, Metasploit, OWASP tools, Nuclei).

• Automate security testing workflows where applicable.

• Stay updated on new vulnerabilities, exploits, and penetration testing techniques.

Qualifications & Skills

Required:

•  3+ years of experience in penetration testing, ethical hacking, or security operations.

• Strong hands-on experience with Veracode, Burp Suite, Metasploit, OWASP, MITRE ATT&CK, and Nuclei.

• Ability to conduct application, network, and cloud penetration tests.

• Strong understanding of common vulnerabilities (CWE, CVEs) and security testing methodologies.

• Experience working with IT and development teams to remediate security issues.

• Strong analytical and communication skills to provide executive-level security insights.

Preferred:

• Certifications such as OSCP, CEH, GWAPT, GPEN, or CISSP

•  Experience with red teaming, adversary emulation, or security control validation.

Familiarity with CI/CD security, DevSecOps, and cloud security assessments.