Azazel Consulting is a leading cybersecurity firm specializing in performing penetration tests for physical and networked systems. With a global presence and a portfolio of over 1,000 clients worldwide, we are dedicated to helping organizations secure their assets and operations. Our expertise extends to delivering comprehensive penetration testing reports and managing Security Operations Centers (SOC) via Purple teaming.
This is a Full-time remote role for an Information Security Engineer, with the exception of engagements, must be willing to travel %50 of the time. As a member of the security team, the Information Security Engineer will be responsible for conducting regular penetration testing and vulnerability assessments to identify security weaknesses and recommend risk mitigation strategies. The Information Security Engineer will also work with other security professionals to develop and implement information security policies, procedures, and security standards.
- Bachelor's degree in Computer Science, Information Security or related field, or Equivalent work experience
- 3+ years of experience in Penetration Testing, Ethical Hacking or Red Team Operations
- Understanding of common security frameworks and standards, such as NIST, CIS, OWASP, etc.
- Strong experience with a broad range of vulnerability assessment and penetration testing tools and techniques.
- Experience with programming languages such as Python, Rust, or C++
- Excellent knowledge of secure coding practices, vulnerability remediation, and secure architecture review
- Experience with cloud computing security and Infrastructure as Code
- Ability to work both independently and collaboratively within a team environment;
- Excellent written and verbal communication skills
- Security certifications such as CEH, OSCP, CREST CRT or other industry certifications are a plus
A Day In the Life:
As a Information Security Engineer you will do the following in your day to day tasks:
- *Perform manual Network Enumeration of client Infrastructure
- *Perform manual Service Enumeration of client infrastructure
- *Perform on site Physical Security Audits per the engagements ROC.
- *Document and automate tasks for internal tools, and reporting.
- *Black box, and White Box testing
- *Reverse Engineering of Client Software
- *Web-Application Exploitation via Burpsuite and various other tools
- *Cryptography is a plus
- *Extensive Reporting and Remediation