Company Overview
10Pearls is an end-to-end digital technology services partner helping businesses utilize technology as a competitive advantage. We help our customers digitalize their existing business, build innovative new products, and augment their existing teams with high-performance team members. Our broad expertise in product management, user experience/design, cloud architecture, software development, data insights and intelligence, cybersecurity, emerging tech, and quality assurance ensures that we are delivering solutions that address business needs. 10Pearls is proud to have a diverse clientele including large enterprises, SMBs, and high-growth startups. We work with clients across industries, including healthcare/life sciences, education, energy, communications/media, financial services, and hi-tech. Our many long-term, successful partnerships are built upon trust, integrity, and successful delivery and execution.
Role
We are looking for a Staff SecOps Engineer. The ideal candidate should have experience with or exposure to penetration testing tools such as Metasploit, Burp Suite, Nmap, Maltego, MobSF, Frida, Cydia, etc.
Responsibilities
- Plan and create penetration testing methods, scripts and tests
- Experience with security operations center tools such as SIEM, Splunk, Wazuh, etc.
- Should be familiar with multiple SAST, DAST, and SCA tools.
- Think critically about complex problems and situations.
- Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).
- Develop novel attack vectors based on newly discovered vulnerabilities.
- Develop home-grown software solutions and utilities for computer network attack (CNA) and computer network defense (CND).
- Apply industry standards and best practices including the Penetration Testing Execution Standard (PTES) and the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework. Experience in information security audits, risk assessments and compliance procedures.
- Carry out black box and white box penetration testing of the client's network and infrastructure to expose weaknesses in security.
- Able to hack into web applications that are vulnerable to attacks, especially OWASP Top 10 and CWE Top 25 vulnerabilities.
- Advanced-level knowledge of mobile application penetration testing, especially using the Frida, Drozer, and Xposed frameworks.
- Advanced-level knowledge of API testing. Good command of request interception for REST and SOAP APIs.
- Able to perform chained attacks, privilege escalation, and lateral movement.