Senior Engineer I, Cybersecurity Testing and Audit at Schneider Electric | JobProMax | JobProMax
Senior Engineer I, Cybersecurity Testing and Audit
Schneider Electric
Bangalore, India
Contract
Competitive
RemoteSenior
Job Description
Lead, Cybersecurity Penetration Tester
Context
Schneider Digital is the global IT organization within Schneider Electric. We have, within our Cybersecurity function, an objective to assess the security of our systems, to identify security risks before those materialize. Technical assurance, by means of security testing of the actual system, is crucial so we identify application related issues that need to be addressed.
This role is part of our DE Penetration Testing unit and will focus on performing penetration testing of those systems, and providing clear guidance as to how to address weaknesses identified. The role holder will be working in collaboration with the applications security and compliance regional managers and other IT specialists, to train in Schneider Electric security policies, processes, and tools.
Responsibilities
The Lead Cybersecurity Penetration Tester will work with project teams to ensure applications meet our security policies.
Understand project deliverables and application details
Run automated and manual security checks (not limited to tools) to uncover security weaknesses in the system
Propose mitigation steps for identified risks and threats
Provide clear recommendations from a security perspective based on understanding of application, application risk and business context, and results of checks performed.
Work alongside the cybersecurity community and application teams.
Explore process, reporting and improvement in techniques
Ability to collaborate with other penetration teams to align knowledge, tools and techniques
Behaviors and Competencies
Strong written and verbal communication skills, with a proven ability to communicate with technical staff, as well as project teams , so security risks are understood in business terms
Keep pace with standards and technologies related to security
Leadership / Act like owners
Collaboration / Teamwork
Requirements Gathering and Analysis
Interpersonal Skills, proactiveness
Willing to learn new skills / Learn Every day and desire to succeed and grow
Skills
Security - Web, Mobile, API, Cloud and container security, Thick Client, Network, Operating System
Applications Development & Delivery
Understanding or experience of any of the following is an advantage:
Cloud Security Assessment and Security Audits of Cloud Environment
Vulnerability Management (Process, Tools and Metrics)
NIST Cybersecurity Framework
Critical Security Controls (CSC)
Expertise in DevSecOps methodologies is also an advantage.
Knowledge
Pentest standards and methodologies, OWASP, SANS etc.
Subject matter expert in web/mobile/thick client/API/IoT/IIoT assessments
Good understanding of server vulnerabilities (Linux, Windows) and hardening
Familiarity with cloud platforms, and cloud container security
Efficient and effective usage of pentest tools as well as demonstrate less dependency on tools.
Experience with automation, scripting (Python, Perl, Ruby, etc.)
Proactive interest in emerging technologies (e.g. Offensive AI) and techniques related to penetration testing
Basic understanding of AI/ML concepts and Large Language Models (LLMs) and their integration in modern applications
Awareness of security risks in AI/LLM-based systems, including prompt injection, data leakage, and API misuse in GenAI applications
Ability to translate technical security topics in a business-friendly manner
Demonstrable teamwork skills and resourcefulness
Virtual Machines Management
Experience
Essential
4+ years of experience in IT security
Min 3+ years of experience in penetration testing of Web, Mobile (iOS & Android), API, Thick client & Network.
Desirable
Experience with red teams or CTF (Capture the Flag)
Experience with reverse engineering
Presented exploit POC/ research concepts at forums like exploit-db.
Participated in national/ international cybersecurity conferences.
DevSecOps implementation and supporting security tooling is desirable (SAST)
Education and Training
Essential
BE or MS or MCA Computers Science or Information Technology or related fields
Tech Computers Science or Information Technology or related fields
Certifications - OSCP, OSCE, GPEN, GXPN, GICSP, GWAPT, OSWP, etc.
Azure / AWS security certifications is a plus.
CISSP, CEH also a plus
Required Skills
Security - Web, Mobile, API, Cloud and container security, Thick Client, Network, Operating SystemApplications Development & DeliveryUnderstanding or experience of any of the following is an advantage: Cloud Security Assessment and Security Audits of Cloud EnvironmentVulnerability Management (Process, Tools and Metrics)NIST Cybersecurity FrameworkCritical Security Controls (CSC)Expertise in DevSecOps methodologies is also an advantage.Pentest standards and methodologies, OWASP, SANS etc.Subject matter expert in web/mobile/thick client/API/IoT/IIoT assessmentsGood understanding of server vulnerabilities (Linux, Windows) and hardeningFamiliarity with cloud platforms, and cloud container securityEfficient and effective usage of pentest tools as well as demonstrate less dependency on tools.Experience with automation, scripting (Python, Perl, Ruby, etc.)Proactive interest in emerging technologies (e.g. Offensive AI) and techniques related to penetration testingBasic understanding of AI/ML concepts and Large Language Models (LLMs) and their integration in modern applicationsAwareness of security risks in AI/LLM-based systems, including prompt injection, data leakage, and API misuse in GenAI applications
Responsibilities
Understand project deliverables and application details
Run automated and manual security checks (not limited to tools) to uncover security weaknesses in the system
Propose mitigation steps for identified risks and threats
Provide clear recommendations from a security perspective based on understanding of application, application risk and business context, and results of checks performed.
Work alongside the cybersecurity community and application teams.
Explore process, reporting and improvement in techniques
Ability to collaborate with other penetration teams to align knowledge, tools and techniques
Strong written and verbal communication skills, with a proven ability to communicate with technical staff, as well as project teams , so security risks are understood in business terms
Keep pace with standards and technologies related to security
Leadership / Act like owners
Collaboration / Teamwork
Requirements Gathering and Analysis
Interpersonal Skills, proactiveness
Willing to learn new skills / Learn Every day and desire to succeed and grow
Signup To JobProMax Today! Apply To More Jobs And Unlock More Features
Job Details
Job Type
Contract
Workplace Type
Remote
Experience Level
Senior
Salary
Competitive
Categories
Software Engineering
Ability to translate technical security topics in a business-friendly manner