Cloud Cyber Security Test Engineer

Company Description

We are a consulting company with a bunch of technologyinterested and happy people!

We love technology we love design and we love quality. Our diversity makes us unique and creates an inclusive and welcoming workplace where each individual is highly valued.

With us each individual is her/himself and respects others for who they are and we believe that when a fantastic mix of people gather and share their knowledge experiences and ideas we can help our customers on a completely different level.

We are looking for you who want to grow with us!

With us you have great opportunities to take real steps in your career and the opportunity to take great responsibility.

Requirement Details:

Our Digital Development teams are highly crossfunctional with our business colleagues and customers setting the direction. As a Cloud Cyber security Tester you will be responsible for identifying and mitigating security vulnerabilities in embedded systems and firmware across a variety of devices including IoT devices. You will work closely with crossfunctional teams including software engineers hardware engineers and security analysts to ensure the security and resilience of our products against potential threats

Your main responsibilities:

The Cloud Cyber security test engineer is throughout the lifetime of a digital solution accountable for:

• Perform security assessments and penetration testing on cloud and web applications to identify vulnerabilities and weaknesses.
• Develop and execute test plans test cases and scripts to uncover security flaws within digital software.

Conduct dynamic analysis of software to identify potential vulnerabilities.

• Collaborate with development teams to remediate identified vulnerabilities and provide guidance on secure coding practices.
• Develop and maintain security testing tools scripts and frameworks specifically tailored for cloud.
• Keep uptodate with the latest security trends vulnerabilities attack vectors and mitigation strategies specific to embedded systems.
• Prepare detailed technical reports including proofofconcept exploits risk assessments and recommendations for security improvements.
• Participate in security design reviews and threat modeling for new web applications.
• Work closely with security architects and security engineers
• Conduct security research on new cloud technologies protocols and platforms.
• Train and mentor junior team members on cloud security testing methodologies and tools.

Your Background:

• Educational Background: Bachelors or Masters Degree in Cybersecurity Computer Science or related field (or equivalent experience).
• Experience: Over 5 years of experience in red teaming penetration testing or cloud security with a focus on Azure Kubernetes and containerized environments.
• Technical Expertise: Strong understanding of Azure Kubernetes Service (AKS) Docker security container runtime attacks and supply chain vulnerabilities.

Advanced Skills:

• Expertise in privilege escalation lateral movement and evasion techniques in Azure and containerized workloads.
• Certifications: Recommended certifications include OSCP OSEP CRTP CRTE GCPN GXPN AZ500 SC100 SC300 CKS CNCF Kubernetes & Cloud Native Security Certifications and Docker Certified Associate (DCA).

Red Teaming Tools:

• Familiarity with tools like MicroBurst StormSpotter AzureHound ROADtools AADInternals Mimikatz Whisker Graph API & Azure CLI Kubehunter Kubebench Trivy Falco Kubeaudit Peirates Kubescape Docker Bench for Security Dive Crunge and Container Escape Techniques.
• Persistence & Lateral Movement: Knowledge of tools and techniques for persistence and lateral movement in Azure and Kubernetes such as Ruler TokenTactics AADSpray MailSniper and Kubelet Attacks.
• Exploitation & PostExploitation: Proficiency in exploitation frameworks like Metasploit Empire and postexploitation techniques in Kubernetes.
• Defensive Evasion: Skills in evasion techniques using tools like SharPersist BOFNET Koadic and obfuscation methods.
• Frameworks & Compliance: Understanding of frameworks and compliance standards like MITRE ATT&CK NIST 80053 CIS Benchmarks OWASP Kubernetes Security Testing Guide and Microsoft Cloud Adoption Framework (CAF) Security Best Practices.
• Scripting & Automation: Experience with scripting and automation using PowerShell Azure CLI Python Terraform Bicep Jenkins and Azure DevOps.
• Advanced Techniques: Knowledge of advanced red teaming techniques such as cloud workload impersonation abusing conditional access policies OAuth token hijacking crosstenant attacks in Azure AD hybrid AD attacks container escape attacks and exploiting Kubernetes API Server and Secrets

Location: Chennai India