Job Statement:
NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for
companies that need to be resilient and compliant. Managed extended detection and
response (MXDR), attack surface management (ASM), breach and attack simulation (BAS),
and advisory services fortify your cybersecurity across both offense and defense. AI-driven
intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber
Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity
posture in real-time. Our service packages, which are each tailored to a client's needs and
budget, and external threat analysis, which provides critical intelligence at no-cost, help to
democratize cybersecurity by making enterprise-grade defenses and security operations
available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the
bar for security and service.
Job responsibilities:
- Lead and coordinate comprehensive Attack Surface Discovery, Penetration Tests, and Cloud
VAPT assessments across systems and networks, utilizing advanced ethical hacking
techniques.
- Manage and oversee Application Penetration Testing efforts (Browser-based, API, Mobile,
IoT) to identify vulnerabilities and risks.
- Guide and mentor, the team on Threat Modeling practices, ensuring a proactive security
posture for client applications.
- Supervise Source Code Review processes to ensure secure coding practices and the
identification of potential vulnerabilities.
- Direct penetration testing on web applications and APIs (internal and external), ensuring
thorough assessments, vulnerability identification, and reporting.
- Lead red team exercises to evaluate weaknesses in client infrastructures, providing actionable
remediation strategies.
- Organize and deliver technical security operational briefings for both technical teams and
non-technical stakeholders, enhancing understanding of security risks.
- Set scope, objectives, and timelines for penetration testing engagements, utilizing data to
define key metrics and ensure project success.
- Oversee dynamic application security testing (DAST) scans on identified targets, both with
and without credentials, ensuring comprehensive vulnerability assessments.
- Conduct credentialed DAST scans on known client URLs, ensuring detailed testing coverage.
- Direct research efforts to identify new attack vectors and emerging threats, keeping the team
ahead of the evolving cybersecurity landscape.
- Provide leadership and guidance in reviewing and offering feedback for all security artifacts,
ensuring high-quality deliverables.
- Play a key role in developing and managing a comprehensive AppSec program with widereaching impact, aligning it with the company's security goals.
- Spearhead research on open-source emerging technologies and lead the development of
frameworks and capabilities for red team exercises on new technologies adopted by clients.
- Oversee the preparation and delivery of clear, accurate, and concise technical reports,
ensuring effective communication of security findings to senior management.
Job specifications:
Qualification:
- Bachelor's degree in Engineering or closely related coursework in technology
development disciplines
- Certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirable
Experience:
- Total Experience 15+ years
Desired Skills:
Knowledge and Experience:
- Offensive Security Certified Professional (OSCP) and/or Offensive Security Certified
Expert (OSCE).
- A thorough understanding of the Secure Development Life Cycle
- Have comprehensive knowledge of common vulnerabilities (e.g., OWASP Top 10),
diverse application attack vectors, security testing processes, and both wired and
wireless network security protocols.
- Have familiarity with common threat tactics and tools (Nmap, Metasploit, Kali Linux,
Burp Suite Pro, CobaltStrike, App detective, Web Inspect, etc.).
- Cloud Service penetration testing tradecraft and methodologies across one or more
service providers (e.g. AWS, GCP, etc.).
- Mobile platform penetration testing tradecraft and methodologies across widely-used
platforms (iOS and/or Android).
- Microservices testing
- Ability to find and exploit bugs in:
- C++, Java, JavaScript, Go, and Python
- Kubernetes, AWS, GCP, or Azure
- Memory management, namespaces, cgroups, etc.
- Passion for writing code to solve problems combined with an interest in Offensive
Security.
- Ability to demonstrate a strong background in one of the following languages:
- Golang, Python, Java, JavaScript, C++, C
Personal Attributes
- Self-starter and quick learner requiring minimal ramp-up
- Excellent analytical, written, oral, and interpersonal communication skills
- Highly self-motivated, self-directed, and attentive to detail
- Ability to effectively prioritize and execute tasks in a high-pressure environment
- Strong communications skills to comfortably work cross-functionally across the
organization
