Job Title

Job Description for Information Security Auditor profile with SecNinjaz Technologies LLPProfile : Information Security AuditorNumber of Requirements : 01Location of Deputation : New DelhiExperience Range : 3+ yearsSalary Range : No Bar for Potential CandidatesRole Overview:The Security Auditor will be responsible for conducting comprehensive security assessments, including audits, penetration testing, and compliance evaluations. This role requires a meticulous, analytical professional with OSCP and CEH certifications, capable of identifying vulnerabilities and recommending technical and strategic security improvements.Key Responsibilities:Perform technical security audits across internal and client infrastructures (networks, systems, and applications).Conduct vulnerability assessments and manual penetration testing, including both black-box and white-box scenarios.Analyze security policies, standards, and configurations against best practices and compliance frameworks.Develop detailed audit and assessment reports with risk ratings and mitigation strategies.Collaborate with internal teams and client stakeholders to understand business requirements and security needs.Participate in incident response planning and security awareness training initiatives.Stay informed about the latest threats, attack techniques, and regulatory developments.Required Qualifications:Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience.Active OSCP (Offensive Security Certified Professional) certification.Active CEH (Certified Ethical Hacker) certification.3+ years of experience in information security auditing, penetration testing, or ethical hacking.Strong understanding of operating systems (Linux, Windows), networking, and web application security.Hands-on experience with tools such as Burp Suite, Nmap, Metasploit, Wireshark, Nessus, etc.Excellent documentation and communication skills. Preferred Qualifications:Experience conducting audits for compliance standards (ISO 27001, PCI-DSS, HIPAA, etc.).Exposure to cloud environments (AWS, Azure, GCP) and their security models.Scripting knowledge in Python, Bash, or PowerShell.Additional certifications such as CISA, CISSP, or GPEN are a plus.