Position Overview
WhizHack Technologies is hiring a full-time Certified Ethical Hacker (CEH)/OSCP for a permanent position at Mhow, Madhya Pradesh, focused on hands-on offensive security, scenario development for cyber ranges, and continuous skill development using platforms like TryHackMe and similar labs
Job Title and Location
- Job Title: Cyber Security Engineer
- Employment Type: Permanent, Full-time
- Location: Onsite – Mhow, Madhya Pradesh, India
About WhizHack Technologies
WhizHack Technologies is a pioneering cybersecurity company from India delivering vertically integrated solutions for IT, OT, and IoT environments, combining products, managed services, and advanced cyber skills development.
Key Responsibilities
- Plan and execute web, network, cloud, and on‑premises infrastructure penetration tests and red‑team engagements, aligning scenarios with client threat models and business processes.
- Develop realistic attack scenarios, cyber ranges, labs, and capture‑the‑flag (CTF) style exercises for internal training programs and client cyber range environments across varying skill levels.
- Use platforms such as TryHackMe, Hack The Box, and similar hands‑on labs to design, customize, and evaluate structured learning paths tailored for beginner, intermediate, and advanced security practitioners.
- Perform end‑to‑end vulnerability assessments including discovery, validation, exploitation, and proof‑of‑concept (PoC) demonstrations, providing clear risk ratings, business impact narratives, and prioritized remediation guidance.
- Collaborate closely with SOC, blue team, incident response, and product engineering teams to simulate adversary tactics, techniques, and procedures (TTPs), enhance detections, and validate effectiveness of security controls.
- Design and facilitate purple‑team exercises to map detections to frameworks such as MITRE ATT&CK, reduce detection gaps, and refine response playbooks.
- Prepare detailed technical reports and exploit walkthroughs for security engineers, as well as concise executive summaries that communicate risk, impact, and remediation priorities to non‑technical stakeholders.
- Present assessment findings, PoCs, and recommended mitigation strategies to client leadership, security committees, and development/DevOps teams, adapting communication style to the audience.
- Stay current with the latest exploits, attack techniques, and offensive security tools aligned with the CEH and broader offensive security curriculum (e.g., OSCP‑style TTPs, cloud and API attacks, supply‑chain and CI/CD).
- Integrate penetration testing and red‑team findings with SIEM, EDR, XDR, and SOAR platforms to validate alert coverage, correlation rules, and automated response workflows.
- Design tests that generate realistic telemetry across endpoints, networks, identity providers, and cloud services, ensuring detections are visible in SIEM and curated effectively in XDR.
- Work with SOC analysts to tune SIEM rules, EDR policies, and XDR incident logic based on red‑team outcomes, reducing false positives and improving mean time to detect (MTTD) and mean time to respond (MTTR).
- Demonstrate strong knowledge of Windows, Linux, and common enterprise architectures (including Active Directory, virtualization, and containerized workloads) to design realistic attack chains and lateral movement paths.
- Assess and exploit security weaknesses in CI/CD pipelines, infrastructure‑as‑code configurations, cloud‑native services, and DevOps tooling as part of DevSecOps‑aligned red‑team exercises.
- Partner with development, DevOps, and SRE teams to embed security controls into SDLC and CI/CD processes, including secure coding practices, automated security testing, and hardening of build and deployment pipelines.
- Provide actionable guidance to development and platform teams on secure configuration, patch management, secret management, and least‑privilege design across OS, containers, and cloud resources.
Required Qualifications
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).
- 2–4 years of hands-on experience in ethical hacking, VAPT, or red teaming in enterprise environments.
- Valid CEH (Certified Ethical Hacker) certification from EC-Council (v12 or above preferred).
- Strong practical experience with platforms like TryHackMe and similar hands-on labs (e.g., Hack The Box, PortSwigger Academy), with demonstrable profiles or completed paths.
- Proficiency with common offensive security tools such as Nmap, Burp Suite, Metasploit, Kali Linux toolset, and scripting (Python, Bash, or PowerShell).
- Solid understanding of networking, OS internals (Windows/Linux), web application security, OWASP Top 10, and secure configuration baselines.
Preferred Skills
- Experience creating or moderating cyber range scenarios, CTFs, or lab exercises for training purposes.
- Exposure to cloud (AWS, Azure, GCP) security assessments and containerized environments.
- Familiarity with SIEM/SOAR tools and working closely with SOC teams to test and tune detections.
- Additional certifications like OSCP, eJPT, or equivalent will be a strong plus.
Behavioral Competencies
- Strong problem-solving mindset with curiosity to explore and exploit complex systems responsibly.
- Ability to work independently at a client site, coordinate with distributed teams, and manage timelines for assessments and reporting.
- Excellent written and verbal communication skills, with a focus on clarity and professionalism in client-facing environments.
Employment Type and Benefits
- Permanent position under WhizHack Technologies with deployment at Mhow, Madhya Pradesh.
Competitive compensation aligned with experience, performance-based incentives, and support for advanced cybersecurity certifications and continuous learning.
Pay: ₹347,306.81 - ₹1,638,776.53 per year
Work Location: In person