Staff SecOps Consultant - Afternoon Shift

Staff SecOps Consultant - Afternoon ShiftCompany: 10Pearls10Pearls is an end-to-end digital technology services partner helping businesses utilize technology as a competitive advantage. We help our customers digitalize their existing business, build innovative new products, and augment their existing teams with high-performance team members. Our broad expertise in product management, user experience/design, cloud architecture, software development, data insights and intelligence, cybersecurity, emerging tech, and quality assurance ensures that we are delivering solutions that address business needs. 10Pearls is proud to have a diverse clientele including large enterprises, SMBs, and high-growth startups. We work with clients across industries, including healthcare/life sciences, education, energy, communications/media, financial services, and hi-tech. Our many long-term, successful partnerships are built upon trust, integrity, and successful delivery and execution.Role: We are looking for a Staff SecOps Engineer. The ideal candidate should have experience or exposure to penetration testing tools such as Metasploit, Burp Suite, Nmap, Maltego, MOBSF, FRIDA, cydia, etc.Responsibilities:Plan and create penetration testing methods, scripts, and tests.Experience in security operation center tools like SIEM, Splunk, Wazuh, etc.Should be familiar with multiple SAST, DAST & SCA tools.Think critically about complex problems and situations.Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).Develop novel attack vectors based on newly discovered vulnerabilities.Develop home-grown software solutions and utilities for computer network attack (CNA) and computer network defense (CND).Apply industry standards and best practices including the Penetration Testing Execution Standard (PTES) and the Mitre Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework. Experience in information security audits, risk assessments, and compliance procedures.Carry out black box and white box penetration testing of client's network and infrastructure to expose weaknesses in security.Able to hack into web applications that are vulnerable to attacks, especially OWASP top 10 and CWE top 25 vulnerabilities.Advanced level knowledge of mobile application penetration testing, especially using FRIDA, DROZER, and XPOSED framework.Advanced level knowledge of API testing. Good command in request interception of REST & SOAP APIs. Able to perform chained attacks, privilege escalation, and lateral movement.

#J-18808-Ljbffr Management & Operations