Experience: 8+ Years
Function: Security Assessments (Web, API, Mobile, Infra, Cloud) | Customer / Delivery Support
Location: Bangalore
Employment Type: Full-Time (In office)

Role Purpose

We are seeking an experienced Information Security Lead to drive and oversee end-to-end security assessments across diverse technology stacks, including web, mobile, API, infrastructure, and cloud. The role involves hands-on testing, validating findings with technical evidence or a proof of concept (PoC), mapping results to standards (OWASP, NIST, CIS), and ensuring closure through effective remediation. The candidate will also act as the technical interface between customers, delivery teams, and internal stakeholders.

Key Responsibilities

1. End-to-End VAPT Delivery
- Plan, scope, and execute Vulnerability Assessment and Penetration Testing (VAPT) across applications, APIs, infrastructure, and cloud workloads.
- Focus on manual-first testing to uncover complex issues like IDOR / BOLA, broken access control, SSRF, logic abuse, and weak authentication.
- Deliver detailed reports with proof-of-concept, impact assessment, and remediation guidance.

2. Application / API / Mobile Security
- Conduct security testing of web and APIs aligned with OWASP Top 10 (Web & API) standards.
- Perform mobile app testing (Android / iOS) per OWASP MASVS / MASTG (formerly MSTG), using tools like MobSF, Frida, and Objection.
- Work closely with developers and DevOps teams to clarify findings, verify fixes, and perform retests.

3. Cloud Security Review
- Review AWS, Azure, and GCP configurations for misconfigurations, weak IAM policies, and exposed services.
- Recommend security hardening in line with CIS benchmarks.
- Validate cloud-exposed endpoints and configurations to prevent SSRF and instance metadata service (IMDS) exposure, i.e. an application-layer SSRF being used to reach cloud credentials.

4. Defensive Integration
- Translate assessment findings into actionable defensive controls: SIEM detection rules, WAF policies, and API gateway configurations.
- Collaborate with SOC / Defensive teams to enhance visibility and detection based on VAPT results.

5. Customer / Delivery / Internal Support
- Join client and internal calls to explain methodologies, findings, and risk ratings.
- Provide inputs for SOWs, level of effort (LoE), and environment requirements.
- Conduct walkthroughs of assessment results with app, infra, and cloud teams for effective remediation.

6. Process & Team Enablement
- Maintain and update SOPs, templates, and checklists in line with OWASP and NIST frameworks.
- Integrate testing processes into the SDLC and CI/CD pipelines for continuous security assurance.
- Mentor junior team members, review reports, and ensure quality in assessment delivery.

Required Technical Skills
- Strong hands-on experience in VAPT, web application penetration testing (WAPT), API testing, and mobile application testing.
- Proficiency with tools: Burp Suite Pro, Nmap, MobSF, Frida, Objection, Postman, sqlmap, and the AWS / Azure / GCP consoles.
- Deep understanding of OAuth2 / OIDC / JWT, TLS, REST, GraphQL, and CORS.
- Familiarity with security frameworks and standards: OWASP, NIST CSF, CIS Benchmarks, CVSS v3.x.
- Scripting ability in Python / PowerShell for automation and PoC generation.

Preferred Certifications
- Offensive Certifications: OSCP, OSWE, eWPTX, GWAPT, GMOB
- Cloud & Security Certifications: AZ-500, AWS Security Specialty, CCSP
- Exposure to SAST, DAST, SCA, and DevSecOps pipeline integration