Talent.com
No longer accepting applications
Information Security Lead – Managed Security Services

Information Security Lead – Managed Security Services

Terralogicanand, India
1 day ago
Job description

Experience : 8+ Years

Function : Security Assessments (Web, API, Mobile, Infra, Cloud) | Customer / Delivery Support

Location : Bangalore

Employment Type : Full-Time (In office)

Application Form : Role Purpose

We are seeking an experienced Information Security Lead to drive and oversee end-to-end

security assessments across diverse technology stacks — including web, mobile, API,

infrastructure, and cloud. The role involves hands-on testing, validating findings with technical

evidence or PoC, mapping results to standards (OWASP, NIST, CIS), and ensuring closure

through effective remediation. The candidate will also act as a technical interface with

customers, delivery teams, and internal stakeholders.

Key Responsibilities

1. End-to-End VAPT Delivery

  • Plan, scope, and execute Vulnerability Assessment and Penetration Testing (VAPT)

across applications, APIs, infrastructure, and cloud workloads.

  • Focus on manual-first testing to uncover complex issues like IDOR / BOLA, broken

    • access control, SSRF, logic abuse, and weak authentication.

  • Deliver detailed reports with proof-of-concept, impact assessment, and remediation

    • guidance.

    2. Application / API / Mobile Security

  • Conduct security testing of web and APIs aligned with OWASP Top 10 (Web & API)

    • standards.

  • Perform mobile app testing (Android / iOS) per OWASP MASVS / MSTG, using tools like

    • MobSF, Frida, and Objection.

  • Work closely with developers and DevOps teams to clarify findings, verify fixes, and

    • perform retests.

    3. Cloud Security Review

  • Review AWS, Azure, and GCP configurations for misconfigurations, weak IAM policies,

    • and exposed services.

  • Recommend security hardening in line with CIS benchmarks.
  • Validate cloud-exposed endpoints and configurations to prevent SSRF and metadata

    • exposure attacks.

    4. Defensive Integration

  • Translate assessment findings into actionable defensive controls — SIEM rules, WAF

    • policies, and API gateway configurations.

  • Collaborate with SOC / Defensive teams to enhance visibility and detection based on

    • VAPT results.

    5. Customer / Delivery / Internal Support

  • Join client and internal calls to explain methodologies, findings, and risk ratings.
  • Provide inputs for SOWs, level of effort (LoE), and environment requirements.
  • Conduct walkthroughs of assessment results with app, infra, and cloud teams for

    • effective remediation.

    6. Process & Team Enablement

  • Maintain and update SOPs, templates, and checklists in line with OWASP and NIST

    • frameworks.

  • Integrate testing processes into SDLC and CI / CD pipelines for continuous security

    • assurance.

  • Mentor junior team members, review reports, and ensure quality in assessment delivery.

    • Required Technical Skills

  • Strong hands-on experience in VAPT, WAPT, API, and Mobile Application Testing.
  • Proficiency with tools : Burp Suite Pro, Nmap, MobSF, Frida, Objection, Postman,

    • sqlmap, cloud consoles.

  • Deep understanding of HTTP, OAuth2 / OIDC / JWT, TLS, REST, GraphQL, and CORS.
  • Familiarity with security frameworks and standards — OWASP, NIST CSF, CIS

    • Benchmarks, CVSS v3.x.

  • Scripting ability in Python / PowerShell for automation and PoC generation.

    • Preferred Certifications

  • Offensive Certifications : OSCP, OSWE, eWPTX, GWAPT, GMOB
  • Cloud & Security Certifications : AZ-500, AWS Security Specialty, CCSP
  • Exposure to SAST, DAST, SCA, and DevSecOps pipeline integration
    • Create a job alert for this search

    Information Security Lead • anand, India