Cloud Cyber Security Test Engineer

Role: Cyber Securty

Location: Chennai (IN)

Assignment period

01 Apr 2025 - 31 Mar 2026

Assignment description

We are looking for a Cloud Cyber Security Test Engineer for our client.

?

Job description:

Our Digital Development teams are highly cross-functional with our business colleagues and customers setting the direction. As a Cloud Cyber security Tester, you will be responsible for identifying and mitigating security vulnerabilities in embedded systems and firmware across a variety of devices, including IoT devices. You will work closely with cross-functional teams, including software engineers, hardware engineers, and security analysts, to ensure the security and resilience of our products against potential threats

?

Your main responsibilities:

The Cloud Cyber security test engineer is, throughout the lifetime of a digital solution, accountable for:

?

• Perform security assessments and penetration testing on cloud and web applications to identify vulnerabilities and weaknesses.
• Develop and execute test plans, test cases, and scripts to uncover security flaws within digital software.

• Collaborate with development teams to remediate identified vulnerabilities and provide guidance on secure coding practices.
• Develop and maintain security testing tools, scripts, and frameworks specifically tailored for cloud.
• Keep up-to-date with the latest security trends, vulnerabilities, attack vectors, and mitigation strategies specific to embedded systems.
• Prepare detailed technical reports, including proof-of-concept exploits, risk assessments, and recommendations for security improvements.
• Participate in security design reviews and threat modeling for new web applications.
• Work closely with security architects and security engineers
• Conduct security research on new cloud technologies, protocols, and platforms.
• Train and mentor junior team members on cloud security testing methodologies and tools.

Your Background:

• Educational Background: Bachelor&aposs or Master&aposs Degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
• Experience: Over 5 years of experience in red teaming, penetration testing, or cloud security, with a focus on Azure, Kubernetes, and containerized environments.
• Technical Expertise: Strong understanding of Azure Kubernetes Service (AKS), Docker security, container runtime attacks, and supply chain vulnerabilities.

?

Advanced Skills:

• Expertise in privilege escalation, lateral movement, and evasion techniques in Azure and containerized workloads.
• Certifications: Recommended certifications include OSCP, OSEP, CRTP, CRTE, GCPN, GXPN, AZ-500, SC-100, SC-300, CKS, CNCF Kubernetes & Cloud Native Security Certifications, and Docker Certified Associate (DCA).

Red Teaming Tools:

• Familiarity with tools like MicroBurst, StormSpotter, AzureHound, ROADtools, AADInternals, Mimikatz, Whisker, Graph API & Azure CLI, Kube-hunter, Kube-bench, Trivy, Falco, Kubeaudit, Peirates, Kubescape, Docker Bench for Security, Dive, Crunge, and Container Escape Techniques.
• Persistence & Lateral Movement: Knowledge of tools and techniques for persistence and lateral movement in Azure and Kubernetes, such as Ruler, TokenTactics, AADSpray, MailSniper, and Kubelet Attacks.
• Exploitation & Post-Exploitation: Proficiency in exploitation frameworks like Metasploit, Empire, and post-exploitation techniques in Kubernetes.
• Defensive Evasion: Skills in evasion techniques using tools like SharPersist, BOFNET, Koadic, and obfuscation methods.
• Frameworks & Compliance: Understanding of frameworks and compliance standards like MITRE ATT&CK, NIST 800-53, CIS Benchmarks, OWASP Kubernetes Security Testing Guide, and Microsoft Cloud Adoption Framework (CAF) Security Best Practices.
• Scripting & Automation: Experience with scripting and automation using PowerShell, Azure CLI, Python, Terraform, Bicep, Jenkins, and Azure DevOps.
• Advanced Techniques: Knowledge of advanced red teaming techniques such as cloud workload impersonation, abusing conditional access policies, OAuth token hijacking, cross-tenant attacks in Azure AD, hybrid AD attacks, container escape attacks, and exploiting Kubernetes API Server and Secrets

?

Required skills

Cloud Security

Red Teaming Tools

Docker security

Azure AKS

Additional details

Hours per week: 45