Job Description

Total Experience:

8–10+ years

Job Skills:

● Strong hands-on experience in VAPT, WAPT, API, and Mobile Application Testing.

● Proficiency with tools: Burp Suite Pro, Nmap, MobSF, Frida, Objection, Postman, sqlmap, cloud consoles.

● Deep understanding of HTTP, OAuth2/OIDC/JWT, TLS, REST, GraphQL, and CORS.

● Familiarity with security frameworks and standards — OWASP, NIST CSF, CIS Benchmarks, CVSS v3.x.

● Scripting ability in Python/PowerShell for automation and PoC generation.

Preferred Certifications

● Offensive Certifications: OSCP, OSWE, eWPTX, GWAPT, GMOB

● Cloud & Security Certifications: AZ-500, AWS Security Specialty, CCSP

● Exposure to SAST, DAST, SCA, and DevSecOps pipeline integration

Role:

We are seeking an experienced Information Security Lead to drive and oversee end-to-end security assessments across diverse technology stacks — including web, mobile, API, infrastructure, and cloud. The role involves hands-on testing, validating findings with technical evidence or PoC, mapping results to standards (OWASP, NIST, CIS), and ensuring closure through effective remediation. The candidate will also act as a technical interface with customers, delivery teams, and internal stakeholders.


Responsibilities:

1. End-to-End VAPT Delivery

● Plan, scope, and execute Vulnerability Assessment and Penetration Testing (VAPT) across applications, APIs, infrastructure, and cloud workloads.

● Focus on manual-first testing to uncover complex issues like IDOR/BOLA, broken access control, SSRF, logic abuse, and weak authentication.

● Deliver detailed reports with proof-of-concept, impact assessment, and remediation guidance.


2. Application / API / Mobile Security

● Conduct security testing of web and APIs aligned with OWASP Top 10 (Web & API) standards.

● Perform mobile app testing (Android/iOS) per OWASP MASVS/MSTG, using tools like MobSF, Frida, and Objection.

● Work closely with developers and DevOps teams to clarify findings, verify fixes, and perform retests.


3. Cloud Security Review

● Review AWS, Azure, and GCP configurations for misconfigurations, weak IAM policies, and exposed services.

● Recommend security hardening in line with CIS benchmarks.

● Validate cloud-exposed endpoints and configurations to prevent SSRF and metadata exposure attacks.


4. Defensive Integration

● Translate assessment findings into actionable defensive controls — SIEM rules, WAF policies, and API gateway configurations.

● Collaborate with SOC/Defensive teams to enhance visibility and detection based on VAPT results.


5. Customer / Delivery / Internal Support

● Join client and internal calls to explain methodologies, findings, and risk ratings.

● Provide inputs for SOWs, level of effort (LoE), and environment requirements.

● Conduct walkthroughs of assessment results with app, infra, and cloud teams for effective remediation.


6. Process & Team Enablement

● Maintain and update SOPs, templates, and checklists in line with OWASP and NIST frameworks.

● Integrate testing processes into SDLC and CI/CD pipelines for continuous security assurance.

● Mentor junior team members, review reports, and ensure quality in assessment delivery.
