Skills Required
Proficient in KQL, MITRE ATT&CK, EDR/XDR, incident response, root cause analysis.
Proactive detection, investigation, and collaboration with engineering teams to enhance detection logic.
Extensive background in Vulnerability Assessment and Penetration Testing (VAPT) for Web, Mobile, API, and Network Security
Integrating security into the Software Development Lifecycle (SDLC), performing static and dynamic analysis (SAST/DAST), and advising developers on secure coding practices.
Developing, testing, and tuning rules, signatures, and correlation logic within a Security Information and Event Management (SIEM) or Extended Detection and Response (XDR) platform (like Splunk or Microsoft Defender XDR).
Designing and implementing security controls for cloud environments (AWS, Azure) and securing specific product lines.
Investigating security incidents, analyzing digital evidence, and determining the root cause and scope of breaches.
Proficiency in cutting-edge tools like KQL, Metasploit, Burp Suite (Pro), Splunk, Volatility, and a strong understanding of MITRE ATT&CK and OWASP.
Expertise in VAPT, Burp Suite Pro, and a deep understanding of application vulnerabilities.
Combining pen-testing/threat modeling with SDLC security (SAST/DAST/S-SDLC) for specific products (Mobile/Cloud).
Knowledge of NIST CSF, RMF, ISO 27001, and Zero Trust models. Experience performing threat modeling and risk assessments.