Assistant Manager - Security Assurance

We are seeking a skilled Assistant Manager – Security Assurance with 4 to 5 years’ experience. The ideal candidate will lead and perform vulnerability assessments, penetration testing, application and API security assessments, and baseline reviews to ensure the robustness of our infrastructure and applications. Strong expertise in VA/PT, API security, and application security testing (SAST/DAST) is essential. Experience with Qualys and familiarity with Azure Cloud or DevOps pipelines will be considered an added advantage. The role will focus on identifying, validating, and tracking security risks while supporting security compliance initiatives and remediation efforts.

Key Result Areas

• Conduct infrastructure, network, and application-level vulnerability assessments using tools like Qualys, Burp Suite, etc.
• Execute penetration testing across web applications, APIs, and infrastructure environments.
• Perform and lead static (SAST) and dynamic (DAST) application security assessments.
• Evaluate API endpoints for misconfigurations, security flaws, and vulnerabilities.
• Perform baseline configuration reviews against standards such as CIS and STIG.
• Prepare detailed technical reports on findings and communicate risks to stakeholders.
• Provide technical guidance and support for remediation of identified vulnerabilities.
• Collaborate with DevOps teams to embed security practices in CI/CD pipelines.
• Maintain documentation for audit and regulatory compliance.
• Lead internal knowledge-sharing sessions and participate in evaluating new tools.

• Bachelor’s degree in Computer Science, Information Security, IT, or a related field.
• 4 to 5 years of experience in vulnerability management, penetration testing, and application/API security assessments.
• Relevant certificates (e.g., OSCP, CEH, eWPT) are highly desirable.
• Proficient with security tools like Qualys, Burp Suite, OWASP ZAP, Fortify.
• Strong understanding of OWASP Top 10, secure coding principles, and API security best practices.
• Basic understanding of wireless security testing is a plus.
• Excellent analytical, problem-solving, and technical communication skills.