Lead and execute complex penetration testing and red team operations across AWS, Azure, and GCP environments.
Lead the implementation of TVM tools in the DevOps environments.
Simulate real-world attack scenarios to identify weaknesses in cloud architecture, configurations, IAM, networking, containers, and serverless environments.
Design and continuously evolve the cloud security testing methodology and tooling.
Develop and execute advanced threat modeling exercises for cloud infrastructure and applications.
Guide and mentor junior cloud testers, including peer reviews, knowledge sharing, and technical training.
Design, build and maintain secure CI/CD pipelines with automated security testing (SAST, DAST, IAST).
Perform detailed exploitation of misconfigurations, vulnerable APIs, permissions escalation paths, and data exposure risks.
Build custom tools, scripts, and proof-of-concepts to demonstrate the impact of discovered vulnerabilities.
Collaborate and partner with Cloud Teams, Cloud Security Architects, DevSecOps and VA & Remediation teams to advise on remediation and best practices for securing deployments on AWS, Azure, GCP, etc.
Integrate and manage TVM security tools in the Cloud and/or DevSecOps environments.
Collaborate with VA & Remediation teams to produce relevant evidence during audit exercises.
Stay ahead of emerging threats, cloud-native exploitation techniques, and regulatory frameworks affecting cloud security.
Job Requirements:
Bachelor's degree in Business, Computer Science, Information Security, Cybersecurity, or a related technical field, or equivalent.
Minimum 5 years of experience in penetration testing, with at least 2-3 years focused on cloud platforms (AWS, Azure, GCP).
Proven experience in penetration testing of cloud infrastructure, cloud misconfiguration exploitation, and offensive tool development.
Experience in regulated environments (e.g., banking, finance, or telecommunications) is highly advantageous.
In-depth knowledge of public cloud environments: AWS, Azure, and GCP.
Strong understanding of IAM, cloud networking, compute, serverless, containers (Kubernetes), storage, and logging.
Skilled in offensive security tools such as Pacu, ScoutSuite, Prowler, Burp Suite, and Nmap, and in custom scripting (Python, Bash, PowerShell).
Familiar with IaC and CI/CD tooling: Terraform, CloudFormation, Jenkins, GitLab CI, etc.
Strong understanding of MITRE ATT&CK for Cloud, adversary simulation, and attacker TTPs.