Saviynt is an identity authority platform built to power and protect the world at work. In a world of digital transformation, where organizations are faced with increasing cyber risk but cannot afford defensive measures to slow down progress, Saviynt’s Enterprise Identity Cloud gives customers unparalleled visibility, control and intelligence to better defend against threats while empowering users with right-time, right-level access to the digital technologies and tools they need to do their best work.
We are seeking a highly skilled and experienced Lead/Principal Penetration Tester to join our security team. This role has a string focus exclusively on advanced penetration testing of cloud infrastructure (AWS and Azure) and containerized environments, including Kubernetes (EKS and AKS). You will collaborate closely with Architecture, Cloud Platform Engineering, Cloud Operations and Security teams to identify vulnerabilities, assess risks, and recommend effective mitigation strategies.
WHAT YOU WILL BE DOING
- Conduct in-depth penetration testing of cloud infrastructure, deployment models, and cloud-native services on AWS and Azure.
- Perform security assessments and penetration testing on Kubernetes clusters (EKS and AKS), including container images and associated components.
- Identify and exploit misconfigurations or vulnerabilities in Kubernetes clusters, workload security, and related cloud environments.
- Analyse and prioritize vulnerabilities across AWS, Azure, and containerized deployments based on risk, impact, and business context.
- Prepare comprehensive reports detailing findings, potential impacts, and actionable remediation steps. Communicate these reports effectively to both technical and non-technical stakeholders.
- Collaborate with Cloud Ops, DevOps, and Cloud Engineering teams to provide expert guidance and support for remediating vulnerabilities in cloud infrastructure and containerized environments.
- Leverage and customize industry-standard security tools (e.g., Trivy, kube-hunter, Aqua, Falco) and develop custom scripts or tools to enhance testing capabilities. Automate repetitive tasks to streamline penetration testing workflows.
- Participate in threat modelling exercises to identify risks specific to AWS, Azure, EKS, and AKS environments.
- Ensure all penetration testing activities adhere to industry standards and compliance frameworks, such as NIST, ISO 27001, CSA, and Kubernetes Security Best Practices.
- Develop and communicate targeted remediation strategies for cloud and container security risks, ensuring alignment with organizational goals and business priorities.
- Mentor and guide junior penetration testers, fostering continuous learning and professional growth in cloud and container security practices.
WHAT YOU BRING
- Bachelor’s degree in computer science, Information Security, or a related field.
- 10+ years of hands-on experience in penetration testing, with at least 3 years focused on AWS and Azure cloud infrastructures.
- Proven expertise in penetration testing of cloud services, deployments, Kubernetes clusters (EKS and AKS), and containerized applications.
- Hands-on experience with cloud infrastructure architecture reviews, threat modelling, cloud configuration assessments, and container/Kubernetes security.
- Proficiency in scripting and automation using Python, Go, Shell, or Bash for custom testing.
- Strong knowledge of security tools and techniques for cloud, Kubernetes, and containerized environments.
- Any of the relevant certification such as OSCP, Kubernetes Security Specialist, AWS Certified Security – Specialty, or Microsoft Azure Security Engineer.
Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work that directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!
Saviynt is an equal opportunity employer, and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.