INFORMATION SECURITY ANALYST / PENETRATION TESTER @ SIMPAISA
Simpaisa is actively recruiting a dedicated Information Security Analyst / Penetration Tester to join its technical department in Karachi, Pakistan. This onsite role is central to the organization's mission of protecting its digital infrastructure, specifically focusing on the security of web applications and API interfaces. The position requires a proactive professional who can navigate complex cybersecurity landscapes to identify and remediate potential threats.
In this role, you will be responsible for conducting thorough manual penetration testing and utilizing advanced security tools to evaluate the effectiveness of existing defenses. You will leverage your expertise in OWASP standards, Java architecture, and cloud environments like AWS and Azure AD to provide actionable insights for the development teams. The ideal candidate will possess a minimum of two years of relevant experience and demonstrate a commitment to maintaining high security standards throughout the software development life cycle.
In this role, you will be responsible for conducting thorough manual penetration testing and utilizing advanced security tools to evaluate the effectiveness of existing defenses. You will leverage your expertise in OWASP standards, Java architecture, and cloud environments like AWS and Azure AD to provide actionable insights for the development teams. The ideal candidate will possess a minimum of two years of relevant experience and demonstrate a commitment to maintaining high security standards throughout the software development life cycle.
Key Requirements
Strong understanding of OWASP Top 10 vulnerabilities.
Hands-on experience in manual penetration testing for web applications.
Proficiency in API security testing methodologies.
Familiarity with Java application architecture.
Knowledge of secure coding practices.
Understanding of authentication protocols such as OAuth, JWT, and SAML.
Familiarity with secure Software Development Life Cycle (SDLC) processes.
Experience with SAST and DAST security tools.
Exposure to cloud platforms such as AWS or Azure AD.
Minimum of 2 years of hands-on professional experience in cybersecurity.