Information Security Professional
You'll be part of a high-performing security team tackling complex challenges. Whether diving into intricate web application pentesting or participating in purple team simulations, you'll collaborate with detection engineers to fortify SOC operations.
Key Responsibilities:
* Operate as a SOC Tier 2 or Tier 3 engineer, swiftly triaging and resolving security incidents.
* Configure and harden security systems (antivirus, firewalls, OS security).
* Develop zero-day mitigation strategies when patches are unavailable.
* Troubleshoot issues with tools such as antivirus, Qualys, or DNS filtering.
* Build automation scripts for deploying agents, policy cleanup, or custom security scanners.
Web Application Pentesting:
* Execute precise manual and automated tests on web apps and APIs.
* Uncover OWASP Top 10 and elusive business logic vulnerabilities.
* Deliver clear, actionable PoCs and remediation guidance.
* Work closely with developers to guide secure coding and implement effective fixes.
Purple Team / Detection Engineering:
* Participate in adversary simulations, conducted at least twice per quarter, to test and enhance SOC defenses.
* Fine-tune detection rules across EDR and SIEM for maximum precision.
* Design and run internal threat scenarios to stress-test response capabilities.
* Enhance defender workflows through close collaboration and visibility improvements.
Requirements:
* Deep system administration skills in Windows and Linux with a security-first approach; adept at solving multi-layered OS, network, and configuration issues.
* Experience in incident response, threat hunting, or SOC Tier 2+ roles.
* Proficiency with tools like Burp Suite, Nmap, SQLmap, or custom scripts.
* Strong scripting skills in Python, Bash, or PowerShell for automation.
* Excellent written and verbal communication in English.
* Experience with vulnerability management platforms like DefectDojo for tracking and prioritizing security findings is a plus.
* A profile on platforms like Hack The Box, TryHackMe, or similar (please provide your profile link).
* Fluent in English.
Bonus Points For:
* Proven success in bug bounty programs with documented cases.
* Experience in purple team operations or red-blue collaboration.
* Familiarity with C2 frameworks, payload development, or adversary emulation.
* Knowledge of cloud security (AWS, Azure, GCP).
* Certifications like OSCP, OSWE, CRTO, or equivalent.
Benefits:
Salary Range: $3000-$4500 USD + Holidays
PTO: Unlimited