Conduct regular vulnerability assessments using tools such as Tenable Nessus, Qualys, Rapid7, or similar.
Analyze vulnerability scan results and collaborate with IT and DevOps teams for timely remediation.
Prioritize vulnerabilities based on risk level, exploitability, and business impact.
Track and report remediation efforts, providing status updates to stakeholders.
Maintain up-to-date knowledge of known vulnerabilities and emerging threats (e.g., CVEs).

Perform penetration tests on applications, systems, networks, and cloud environments.
Simulate real-world attacks to evaluate the effectiveness of security controls.
Document findings and create detailed reports with actionable remediation guidance.
Conduct retesting after fixes to validate security improvements.
Use manual and automated testing tools (e.g., Burp Suite, Metasploit, Nmap, Kali Linux, OWASP ZAP).

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.
3+ years of experience in vulnerability management and penetration testing.
Hands-on experience with industry-standard tools such as Nessus, Burp Suite, Nmap, Metasploit, Qualys, etc.
Familiarity with CVSS scoring, threat modeling, and risk assessment frameworks.
Deep understanding of network protocols, web application architecture, and secure coding practices.
Strong communication skills to deliver clear and actionable vulnerability reports.

Security certifications such as:
OSCP (Offensive Security Certified Professional)
CEH (Certified Ethical Hacker)
GPEN (GIAC Penetration Tester)
CISSP, Security+, or CRTP
Experience with cloud security and tools like AWS Inspector, Azure Security Center, or GCP SCC.
Knowledge of SIEM platforms and threat intelligence feeds.
Familiarity with secure DevOps (DevSecOps) practices and CI/CD pipeline integration.

Vulnerability Management & Penetration Testing Engineer