Senior SME - Cloud, Application Security Testing & Penetration Testing

Who We Are

At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role

Join Kyndryl as a Penetration Testing Associate and embark on an exhilarating journey where you'll wield your strategic vision and hands-on expertise to revolutionize our approach to cybersecurity. As an integral part of our team, you'll take charge of the entire lifecycle of customer engagements, transforming the way we safeguard businesses in the digital realm.

At Kyndryl, we believe that staying ahead of the game is essential. As a Penetration Testing Associate, you'll embark on an ongoing journey of discovery, continually learning and exploring new methodologies, staying abreast of the latest security threats, attack techniques, and tools. We encourage and support your relentless pursuit of knowledge, because it is through your unyielding dedication that we can deliver unrivaled protection to our customers.

• Own the quality assurance process for all deliverables from testing team on ground.
• Review and validate assessment test plans and final reports for completeness and accuracy.
• Ensure high and critical findings are correctly identified and documented.
• Evaluate test case coverage to ensure comprehensive security assessments across web, mobile apps, and APIs.

• Act as the escalation point for complex technical issues and disputes.
• Provide expert guidance on cloud-native application security testing and penetration testing methodologies.
• Validate accuracy and testing coverage, specially for high and critical findings
• Support on ground testing resources through targeted training and mentorship.

• Demonstrate deep understanding of how cloud services (IaaS, PaaS, SaaS) function behind applications.
• Ensure testing strategies account for cloud-native components such as serverless functions, containers, API gateways, identity services, and storage configurations.

• Ensure all testing activities comply with industry standards such as OWASP, NIST, CSA, CIS Benchmarks, etc.
• Maintain alignment with enterprise security policies and DevSecOps practices.
• Liaise with enterprise security, DevSecOps, and cloud platform teams to ensure strategic alignment and timely resolution of issues.

• Serve as the central point of contact for customer escalations, including technical disputes, delays, and high-priority issues.
• Collaborate with internal and external stakeholders to ensure governance objectives are met.

• OSCP - Offensive Security Certified Professional
• CEH - Certified Ethical Hacker
• CCSP - Certified Cloud Security Professional
• GIAC GPEN / GWAPT / GCPN - GIAC Penetration Testing, Web App Pen Testing, Cloud Pen Testing
• AWS Certified Security - Specialty, Azure Security Engineer Associate, or equivalent cloud platform certifications
• At least one cloud certification is must

• Bachelor's degree in Computer Science, Information Technology, or related field.
• 8+ years of experience in cloud security, application security testing, and penetration testing.
• Proven experience in testing web, mobile applications, and APIs hosted on cloud platforms.
• Strong understanding of cloud architecture and services (AWS, Azure, GCP).
• Familiarity with security frameworks (OWASP, NIST, CSA, CIS).
• Experience in technical governance and quality assurance.
• Excellent communication and stakeholder management skills.
• Hands-on experience with security testing tools (e.g., Burp Suite, OWASP ZAP, Postman, Nessus, Metasploit).
• Good communication skills and stakeholder management experience
• Ability to work independently and manage multiple tasks simultaneously.
• Strong analytical and problem-solving skills.
• Excellent communication and teamwork abilities.