Senior Security Engineer – Compliance & Penetration Testing

About the role

We are seeking a proactive Senior Security Engineer specializing in compliance and penetration testing to join our Cyber Security & Compliance team in Lahore. The role blends offensive security testing with governance responsibilities, ensuring our systems meet industry standards while identifying and mitigating vulnerabilities.

Key responsibilities

• Perform web, API, network, and infrastructure penetration testing engagements.
• Conduct vulnerability assessments using manual and automated techniques.
• Identify, validate, and document security findings with remediation recommendations.
• Support compliance initiatives for ISO 27001, SOC 2, GDPR, HIPAA, PCI‑DSS and assist in internal audits.
• Evaluate applications against the OWASP Top 10 and security best practices.
• Collaborate with development, DevOps, and infrastructure teams to improve security posture.
• Participate in secure SDLC activities and provide security guidance throughout the development lifecycle.
• Produce detailed technical reports including risk ratings, proofs‑of‑concept and mitigation plans.
• Monitor emerging threats, assist with incident investigations and maintain security policies.

Required profile

• 3–4 years of hands‑on experience in cybersecurity, penetration testing or security compliance.
• Strong understanding of OWASP Top 10 vulnerabilities and remediation techniques.
• Experience supporting ISO 27001, SOC 2, GDPR, HIPAA or PCI‑DSS compliance efforts.
• Basic scripting or automation knowledge (Python, Bash or PowerShell) is a plus.
• Preferred certifications: CEH, eJPT/eCPPT, Security+, ISO 27001 Lead Implementer/Auditor, OSCP.

Required skills

• Burp Suite, Nmap, Nessus, Wireshark, SQLMap, Metasploit, Nikto.
• Web application and API security, network security concepts and protocols.
• Linux and Windows operating systems.
• Authentication, authorization and session management.
• Cloud security concepts (AWS, Azure, GCP).