Terralogic
Website: terralogic.com
Job details:
Job Title: Information Security Lead
Experience: 8+ Years
Function: Security Assessments (Web, API, Mobile, Infra, Cloud) | Customer/Delivery Support
Location: Bangalore
Employment Type: Full-Time
Role Purpose
We are seeking an experienced Information Security Lead to drive and oversee end-to-end security assessments across diverse technology stacks, including web, mobile, API, infrastructure, and cloud. The role involves hands-on testing, validating findings with technical evidence or PoC, mapping results to standards (OWASP, NIST, CIS), and ensuring closure through effective remediation. The candidate will also act as a technical interface with customers, delivery teams, and internal stakeholders.
Key Responsibilities
1. End-to-End VAPT Delivery
● Plan, scope, and execute Vulnerability Assessment and Penetration Testing (VAPT) across applications, APIs, infrastructure, and cloud workloads.
● Focus on manual-first testing to uncover complex issues like IDOR/BOLA, broken access control, SSRF, logic abuse, and weak authentication.
● Deliver detailed reports with proof-of-concept, impact assessment, and remediation guidance.
2. Application / API / Mobile Security
● Conduct security testing of web applications and APIs aligned with OWASP Top 10 (Web & API) standards.
● Perform mobile app testing (Android/iOS) per OWASP MASVS/MSTG, using tools like MobSF, Frida, and Objection.
● Work closely with developers and DevOps teams to clarify findings, verify fixes, and perform retests.
3. Cloud Security Review
● Review AWS, Azure, and GCP configurations for misconfigurations, weak IAM policies, and exposed services.
● Recommend security hardening in line with CIS benchmarks.
● Validate cloud-exposed endpoints and configurations to prevent SSRF and metadata exposure attacks.
4. Defensive Integration
● Translate assessment findings into actionable defensive controls: SIEM rules, WAF policies, and API gateway configurations.
● Collaborate with SOC/Defensive teams to enhance visibility and detection based on VAPT results.
5. Customer / Delivery / Internal Support
● Join client and internal calls to explain methodologies, findings, and risk ratings.
● Provide inputs for SOWs, level of effort (LoE), and environment requirements.
● Conduct walkthroughs of assessment results with app, infra, and cloud teams for effective remediation.
6. Process & Team Enablement
● Maintain and update SOPs, templates, and checklists in line with OWASP and NIST frameworks.
● Integrate testing processes into SDLC and CI/CD pipelines for continuous security assurance.
● Mentor junior team members, review reports, and ensure quality in assessment delivery.
Required Technical Skills
● Strong hands-on experience in VAPT, WAPT, API, and Mobile Application Testing.
● Proficiency with tools: Burp Suite Pro, Nmap, MobSF, Frida, Objection, Postman, sqlmap, cloud consoles.
● Deep understanding of HTTP, OAuth2/OIDC/JWT, TLS, REST, GraphQL, and CORS.
● Familiarity with security frameworks and standards: OWASP, NIST CSF, CIS Benchmarks, CVSS v3.x.
● Scripting ability in Python/PowerShell for automation and PoC generation.
Preferred Certifications
● Offensive Certifications: OSCP, OSWE, eWPTX, GWAPT, GMOB
● Cloud & Security Certifications: AZ-500, AWS Security Specialty, CCSP
● Exposure to SAST, DAST, SCA, and DevSecOps pipeline integration