Job Title


ASR Manager - Cybersecurity


Company : NopalCyber


Location : Hyderabad, Telangana


Created : 2025-06-30


Job Type : Full Time


Job Description

Job Statement:

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence at no cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.

Job responsibilities:

· Lead and coordinate comprehensive Attack Surface Discovery, Penetration Tests, and Cloud security assessments across systems and networks, utilizing advanced ethical hacking techniques.
· Manage and oversee Application Penetration Testing efforts (Browser-based, API, Mobile, IoT) to identify vulnerabilities and risks.
· Guide and mentor the team on Threat Modeling practices, ensuring a proactive security posture for client applications.
· Supervise Source Code Review processes to ensure secure coding practices and the identification of potential vulnerabilities.
· Direct penetration testing on web applications and APIs (internal and external), ensuring thorough assessments, vulnerability identification, and reporting.
· Lead red team exercises to evaluate weaknesses in client infrastructures, providing actionable remediation strategies.
· Organize and deliver technical security operational briefings for both technical teams and non-technical stakeholders, enhancing understanding of security risks.
· Set scope, objectives, and timelines for penetration testing engagements, utilizing data to define key metrics and ensure project success.
· Oversee dynamic application security testing (DAST) scans on identified targets, both with and without credentials, ensuring comprehensive vulnerability assessments.
· Conduct credentialed DAST scans on known client URLs, ensuring detailed testing coverage.
· Direct research efforts to identify new attack vectors and emerging threats, keeping the team ahead of the evolving cybersecurity landscape.
· Provide leadership and guidance in reviewing and offering feedback for all security artifacts, ensuring high-quality deliverables.
· Play a key role in developing and managing a comprehensive AppSec program with wide-reaching impact, aligning it with the company’s security goals.
· Spearhead research on open-source emerging technologies and lead the development of frameworks and capabilities for red team exercises on new technologies adopted by clients.
· Oversee the preparation and delivery of clear, accurate, and concise technical reports, ensuring effective communication of security findings to senior management.

Job specifications:

Qualification:

· Bachelor’s degree in Engineering or closely related coursework in technology development disciplines
· Certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirable

Experience:

· Total Experience – 10+ years

Desired Skills:

Knowledge and Experience:

· Offensive Security Certified Professional (OSCP) and/or Offensive Security Certified Expert (OSCE).
· A thorough understanding of the Secure Development Life Cycle
· Have comprehensive knowledge of common vulnerabilities (e.g., OWASP Top 10), diverse application attack vectors, security testing processes, and both wired and wireless network security protocols.
· Have familiarity with common threat tactics and tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro, Cobalt Strike, AppDetective, WebInspect, etc.).
· Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g. AWS, GCP, etc.).
· Mobile platform penetration testing tradecraft and methodologies across widely-used platforms (iOS and/or Android).
· Microservices testing
· Ability to find and exploit bugs in:
  · C++, Java, JavaScript, Go, and Python
  · Kubernetes, AWS, GCP, or Azure
  · Memory management, namespaces, cgroups, etc.
· Passion for writing code to solve problems combined with an interest in Offensive Security.
· Ability to demonstrate a strong background in one of the following languages:
  · Golang, Python, Java, JavaScript, C++, C

Personal Attributes

· Self-starter and quick learner requiring minimal ramp-up
· Excellent analytical, written, oral, and interpersonal communication skills
· Highly self-motivated, self-directed, and attentive to detail
· Ability to effectively prioritize and execute tasks in a high-pressure environment
· Strong communication skills to comfortably work cross-functionally across the organization