Role Overview
We are seeking a Mid–Senior Offensive Security Engineer with hands-on expertise in vulnerability assessment, penetration testing, red teaming, and Azure environment security assessments. The candidate should possess strong technical experience in web, API, and mobile application security, and be able to assess configurations based on CIS controls, NIST, and other industry standards.
Key Responsibilities
• Perform comprehensive vulnerability assessment and penetration testing (VAPT) across web, API, and mobile applications.
• Conduct red team operations and adversarial simulations to assess defense posture.
• Perform Azure WAF and cloud environment configuration reviews and recommend hardening measures.
• Evaluate environments against CIS Controls, NIST, and internal baselines.
• Collaborate with DevSecOps and cloud engineering teams to support secure design and remediation.
• Assist with automation of security testing and vulnerability management workflows.
Required Experience & Skills
• 5–8 years of hands-on experience in offensive security or penetration testing roles.
• Expertise in web, API, and mobile application testing (Burp Suite, OWASP ZAP, Postman, MobSF, Frida).
• Strong understanding of OWASP Top 10, CWE, MITRE ATT&CK, and exploitation methodologies.
• Experience in Azure security (WAF, Key Vault, App Services, Azure AD).
• Proficiency in scripting languages such as Python, PowerShell, or Bash.
• Knowledge of CIS Benchmarks and common cloud misconfigurations.
Preferred Skills / Certifications
• Certifications: OSCP, OSWE, CRTP, OSEP, AZ-500, or CREST CRT.
• Familiarity with SIEM/EDR evasion and threat simulation techniques.
© 2026 Qureos. All rights reserved.