Sr. SOC Engineer (Red Teaming & Web Application Security Specialist)

New Delhi, India, Remote India

(View all jobs)

Meet Our Team:

We are the Global Cyber team, part of Global Information Security at Hitachi Digital. Our mission is to protect the company's and its customers' vital information systems and data while responding to attacks, intrusions, and other security incidents. As passionate advocates of information security, we are a team of out-of-the-box thinkers, innovators, and collaborative problem-solvers. We continuously seek new and better ways to enhance our practices and strive for nothing less than excellence in our cybersecurity operations. We are looking for highly motivated individuals with a positive attitude who want to be part of something exceptional.

What You’ll Be Doing:

As a Red Teaming & Web Application Security Specialist, you will be responsible for conducting advanced offensive security assessments to identify vulnerabilities across applications, infrastructure, and processes. This role will blend adversary simulation (Red Team) exercises with deep web application penetration testing to proactively uncover and remediate security weaknesses before they can be exploited by malicious actors.

Key Responsibilities:

Red Teaming & Adversary Simulation

• Plan, execute, and document red team engagements simulating realistic cyberattacks against the organization’s systems, applications, and users.
• Emulate threat actors’ tactics, techniques, and procedures (TTPs) based on frameworks like MITRE ATT&CK.
• Conduct physical security assessments, social engineering campaigns (phishing, vishing), and insider threat simulations as required.
• Collaborate with the Blue Team to validate detection and response capabilities, providing actionable improvement plans.

Web Application Security

• Perform manual and automated web application penetration testing using tools like Burp Suite, OWASP ZAP, and custom scripts.
• Identify, validate, and exploit vulnerabilities such as injection flaws, authentication bypass, XSS, CSRF, SSRF, and insecure deserialization.
• Work with development teams to remediate findings and ensure secure coding practices.
• Conduct source code reviews to detect and eliminate security flaws.

Security Research & Tool Development

• Develop and maintain custom tools, scripts, and exploits to enhance testing capabilities.
• Stay current with emerging attack vectors, zero-days, and security trends.
• Perform threat modeling and provide secure architecture recommendations.

What you’ll bring:

• 7 years of experience in Web security and red teaming
• Plan, execute, and document red team engagements simulating realistic cyberattacks against the organization’s systems, applications, and users.
• Emulate threat actors’ tactics, techniques, and procedures (TTPs) based on frameworks like MITRE ATT&CK.
• Conduct physical security assessments, social engineering campaigns (phishing, vishing), and insider threat simulations as required.
• Collaborate with the Blue Team to validate detection and response capabilities, providing actionable improvement plans.
• Perform manual and automated web application penetration testing using tools like Burp Suite, OWASP ZAP, and custom scripts.
• Identify, validate, and exploit vulnerabilities such as injection flaws, authentication bypass, XSS, CSRF, SSRF, and insecure deserialization.
• Work with development teams to remediate findings and ensure secure coding practices.
• Conduct source code reviews to detect and eliminate security flaws.
• Develop and maintain custom tools, scripts, and exploits to enhance testing capabilities.
• Stay current with emerging attack vectors, zero-days, and security trends.
• Perform threat modeling and provide secure architecture recommendations.
• If you are passionate about cybersecurity and ready to work with a top-tier SOC team, we invite you to join us at Hitachi Digital.