Qureos

Infrastructure Security / Cybersecurity Specialist

Job Summary:

We are looking for a highly skilled and versatile Information Security Specialist who can perform the roles of a Penetration Tester and Cybersecurity Specialist across diverse environments, including cloud platforms, backend APIs, web applications, mobile (Android & iOS), and enterprise systems. This role is crucial in ensuring the security of our digital ecosystem by identifying vulnerabilities, implementing security measures, and safeguarding sensitive data against cyber threats.

Security Assessments & Penetration Testing:

  • Conduct detailed penetration testing across multiple platforms, including web, mobile (iOS/Android), cloud environments (AWS, Azure, GCP), and APIs.
  • Perform vulnerability assessments using automated tools and manual testing to uncover security risks.
  • Simulate cyber-attacks and exploit discovered vulnerabilities to assess the overall security posture.
  • Develop threat models and provide mitigation strategies to minimize risk exposure.

Cloud Security:

  • Perform cloud security audits and reviews for AWS, Azure, or GCP environments.
  • Implement and monitor cloud security policies, ensuring alignment with industry standards (e.g., PCI-DSS, NIST, ISO 27001, GDPR).
  • Conduct regular security reviews and configuration assessments of cloud-native applications and infrastructure.

Backend API Security:

  • Analyze and secure backend APIs against attacks such as injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and API endpoint misconfigurations.
  • Review API authentication and authorization mechanisms (OAuth, JWT) for potential vulnerabilities.
  • Implement secure coding practices in collaboration with development teams to minimize attack surfaces.

Mobile Security (Android & iOS):

  • Conduct penetration testing on Android and iOS applications using static and dynamic analysis techniques.
  • Assess mobile app security for potential vulnerabilities like insecure data storage, improper SSL/TLS implementations, and weak encryption.
  • Provide guidance to mobile app development teams on secure coding best practices.

Web Security:

  • Perform comprehensive security testing of web applications, including OWASP Top 10 vulnerabilities, security misconfigurations, and business logic flaws.
  • Ensure secure configuration and hardening of web servers, firewalls, and application servers.

Incident Response & Threat Management:

  • Lead incident response efforts, including threat identification, mitigation, and forensic investigation.
  • Conduct risk assessments, analyze attack patterns and TTPs (Tactics, Techniques, and Procedures), and implement countermeasures.
  • Participate in cybersecurity drills and prepare reports on the effectiveness of defenses.

Security Compliance & Policy Development:

  • Assist in developing, implementing, and maintaining security policies, procedures, and best practices across the organization.
  • Ensure compliance with industry standards such as PCI-DSS, HIPAA, GDPR, and others.
  • Work closely with legal and compliance teams to ensure data protection regulations are met across all environments.

Collaboration & Training:

  • Provide security training and awareness sessions to development and operations teams.
  • Collaborate with DevOps teams to implement DevSecOps methodologies and ensure continuous security integration within the CI/CD pipeline.
  • Conduct red team exercises and penetration testing scenarios, briefing teams on the outcomes and helping them implement improvements.

Required Skills and Qualifications

Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. A Master's degree is a plus.

Certifications (Preferred but not required):

  • CEH (Certified Ethical Hacker)
  • OSCP (Offensive Security Certified Professional)
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • GPEN (GIAC Penetration Tester)
  • CompTIA Security+

Technical Skills:

  • Penetration Testing Tools: Proficient with tools like Metasploit, Burp Suite, Wireshark, Nmap, Nessus, or OpenVAS.
  • Cloud Security: In-depth knowledge of cloud security frameworks and tools for AWS, GCP, and Azure.
  • Mobile Security: Experience with mobile security frameworks and tools like Drozer, MobSF, Frida, or similar.
  • API Security: Understanding of API security testing, OAuth, JWT, and encryption techniques.
  • Web Security: Experience with SAST/DAST tools like ZAP, Veracode, or SonarQube for web security assessments and code reviews.
  • Network Security: Knowledge of network security monitoring and firewall management.

Experience:

  • 5-7 years of experience in information security, penetration testing, or vulnerability management.
  • Extensive experience with cloud platforms (AWS, Azure, GCP), securing APIs, and mobile application security.
  • Extensive experience in mobile (iOS & Android) pentesting and web and API pentesting.
  • Experience in securing CI/CD pipelines.
  • Must have experience working with PCI-DSS Compliance.
  • Strong knowledge of security protocols, cryptography, authentication mechanisms, and data protection.

Job Type: Full-time

Pay: Rs400,000.00 - Rs700,000.00 per month

Application Question(s):

Experience:

  • information security: 5 years (Required)

Location:

  • Lahore (Required)

Work Location: In person
