Job Title: Cyber Security Engineer
Location: Ahmedabad, Gujarat
Job Type: Full Time

About Simform:

Simform is a premier digital engineering company specialising in Cloud, Data, AI/ML, and Experience Engineering to create seamless digital experiences and scalable products. Simform has strong capabilities across Microsoft, Google Cloud, and Databricks. With a presence in 6 countries, Simform primarily serves North America, the UK, and the Northern European market. Simform is well-recognised as one of the most reputed employers in the region, having created a thriving work culture with a high work-life balance that gives a sense of freedom and opportunity to grow

Simform takes pride in being one of the most reputed employers in the region, having created a thriving work culture with a high work-life balance that gives a sense of freedom and opportunity to grow.

Role Overview:

We are seeking a skilled Cyber Security Engineer with 4+ years of hands-on experience in Vulnerability Assessment & Penetration Testing (VAPT), compliance, AI security, cloud security, mobile security, threat analysis, and governance. The candidate will be responsible for identifying security weaknesses, implementing controls, ensuring regulatory compliance, and strengthening the organization’s overall security posture.

Responsibilities:

VAPT & Offensive Security

Perform Vulnerability Assessment and Penetration Testing for web, API, mobile (Android/iOS), cloud, and network environments using tools such as Burp Suite, OWASP ZAP, Nessus, Qualys, and Acunetix.
Conduct authenticated and unauthenticated testing.
Validate vulnerabilities and provide risk-rated remediation guidance.
Perform secure configuration reviews and attack surface analysis.
Execute red team style simulations and adversary emulation.

Compliance & Governance

Support compliance initiatives such as SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, etc.
Assist in audit preparation, evidence collection, and remediation tracking
Map controls to regulatory and industry frameworks
Maintain documentation required for internal and external audits

AI & Application Security

Perform security assessments of AI/LLM-based applications
Test for prompt injection, data leakage, model misuse, and abuse scenarios
Conduct secure code reviews and SAST/DAST coordination
Evaluate third‑party components and libraries for vulnerabilities

Cloud Security
Assess security posture across AWS, Azure, and GCP environments using tools such as ScoutSuite, Prowler, Trivy, kube-bench, and kube-hunter.
Review IAM configurations, network security, storage exposure, and logging.
Identify misconfigurations and implement cloud security best practices.
Support container and Kubernetes security assessments.

Mobile Security
Perform mobile application security testing for Android and iOS using tools such as MobSF, Frida, Objection, APKTool, and JADX.
Conduct static and dynamic analysis.
Evaluate data storage, authentication, API usage, and reverse engineering risks

Threat Monitoring & Analysis
Analyze security alerts, logs, and incidents from multiple sources using SIEM and EDR platforms such as Microsoft Sentinel, Splunk, ELK Stack, QRadar, Defender for Endpoint, CrowdStrike, or SentinelOne.
Perform client log analysis (SIEM, EDR, firewall, cloud logs)
Conduct threat hunting using MITRE ATT&CK techniques
Support incident response investigations and root cause analysis

Risk Management & Controls
Maintain and update risk register
Perform risk assessments and business impact analysis
Recommend and implement security controls
Track remediation status and risk acceptance
Conduct password and secrets security assessments using tools such as Hashcat and John the Ripper.

Security Awareness, Policies & Documentation
Plan and deliver cyber security awareness training sessions for employees, contractors, and stakeholders
Develop training materials, phishing simulations, and awareness campaigns
Promote secure behavior and educate users on emerging threats (phishing, social engineering, ransomware, etc.)
Track training completion and effectiveness metrics
Create and maintain security policies, standards, procedures, and guidelines
Develop secure configuration baselines and hardening standards
Conduct security awareness inputs for stakeholders

Security Operations Support
Collaborate with DevOps, IT, and development teams to remediate issues
Validate fixes through retesting
Support secure SDLC initiatives

Frameworks & Standards Knowledge
Strong working knowledge of:
OWASP Top 10 (Web)
OWASP API Security Top 10
SANS Top 25 Software Errors
OSSTMM (Open Source Security Testing Methodology Manual)
MITRE ATT&CK Framework
Additional desirable frameworks:
NIST Cybersecurity Framework (CSF)
NIST SP 800-53 / 800-171
CIS Critical Security Controls
ISO/IEC 27001 & 27002
PCI DSS
SOC 2 Trust Services Criteria
Cloud Security Alliance (CSA CCM)

Skills and Qualifications:

Strong understanding of networking, protocols, and system security
Knowledge of authentication mechanisms (OAuth, SAML, JWT, MFA)
Familiarity with secure coding principles and common vulnerabilities
Ability to interpret logs and correlate events across platforms
Report writing with clear technical and executive summaries
Strong analytical and problem‑solving skills

Education & Certifications (Preferred)

Bachelor’s degree in Computer Science, Cyber Security, or related field
Relevant certifications such as:
CEH, OSCP, eJPT, PNPT
Security+, CySA+, CASP+
CCSP, CCSK (Cloud Security)
ISO 27001 Lead Implementer/Auditor
GIAC certifications (GPEN, GWAPT, GCIH, etc.)
Experience-
4+ years of hands‑on experience in cyber security or VAPT roles.
Proven experience delivering security assessments and remediation guidance
Experience working with cross‑functional teams and clients

Key Competencies
Attention to detail and strong documentation skills
Ability to prioritize multiple projects
Strong communication and stakeholder management
Ethical mindset and confidentiality awareness

Nice to Have
Experience in red teaming or adversary simulation
DevSecOps exposure and CI/CD security integration
Scripting skills (Python, PowerShell, Bash)
Experience with threat intelligence platforms
Knowledge of data privacy regulations and DPIA processes

Why Join Us:

Young Team, Thriving Culture
Flat-hierarchical, friendly, engineering-oriented, and growth-focused culture.
Well-balanced learning and growth opportunities
Free health insurance.
Office facilities with a game zone, in-office kitchen with affordable lunch service, and free snacks.
Sponsorship for certifications/events and library service.
Flexible work timing, leaves for life events, WFH and hybrid options

Submit Your Application

Apply With Resume *

First Name*

Middle Name

Last Name*

Email*

Mobile

Phone

What is your Total Experience?*

How many years of experience in penetration Testing?*

Do you have experience in web applications, mobile applications, and thick client security assessment? *

Do you have experience in cloud security (AWS/Azure)?

Which tools have you used for cloud security assessment or monitoring?

Do you have experience in AI & Application Security assessments of AI/LLM-based applications?

Do you have experience in Threat Monitoring & Analysis using using SIEM and EDR? (Sentinel, Splunk, ELK Stack, QRadar)

Do you have experience in Compliance & Governance? such as SOC 2, ISO 27001, HIPAA, GDPR, etc.

Do you have experience in Frameworks such as OWASP Web, API, SANS

Which domain have you worked in?:*

What is your Current CTC?*

What is your Expected CTC?*

What is your notice period?

Do you have any offer in hand? if yes please share the offer CTC details. *

When was your Last Appraisal? Please specify month and year*

Why are you looking for change?

Current Location

Current Company*

Current Designation*

Communication Skills*

PoorAverageGoodExcellent