Senior Security Engineer – Compliance & Penetration Testing

About the Role

We are looking for a skilled and proactive Security Engineer – Compliance & Penetration Testing with 3–4 years of hands-on experience in cybersecurity, penetration testing, and security compliance. The ideal candidate will play a key role in identifying vulnerabilities, supporting security assessments, and ensuring organizational compliance with industry security standards and best practices.

This role requires a balanced understanding of both offensive security testing and security governance/compliance frameworks, along with the ability to collaborate across technical and business teams.

Key Responsibilities

• Perform web, API, network, and infrastructure penetration testing engagements
• Conduct vulnerability assessments using both manual and automated testing techniques
• Identify, validate, and document security vulnerabilities with remediation recommendations
• Support compliance initiatives related to ISO 27001, SOC 2, GDPR, HIPAA, PCI-DSS, or similar frameworks
• Assist in internal security audits, risk assessments, and compliance reviews
• Evaluate applications and systems against OWASP Top 10 and security best practices
• Collaborate with development, DevOps, and infrastructure teams to improve security posture
• Participate in secure SDLC activities and provide security recommendations during the development lifecycle
• Create detailed technical reports, including findings, risk ratings, proofs-of-concept, and mitigation plans
• Monitor emerging vulnerabilities, security threats, and compliance requirements
• Support implementation and maintenance of security policies, procedures, and documentation
• Assist in incident investigation and security monitoring activities when required

Technical Skills & Requirements

• 3–4 years of experience in cybersecurity, penetration testing, vulnerability assessment, or security compliance
• Strong understanding of OWASP Top 10 vulnerabilities and remediation techniques
• Hands-on experience with security testing tools such as:
  • Burp Suite
  • Nmap
  • Nessus
  • Wireshark
  • SQLMap
  • Metasploit
  • Nikto
• Understanding of:
  • Web application and API security
  • Network security concepts and protocols
  • Linux and Windows operating systems
  • Authentication, authorization, and session management
• Familiarity with compliance and governance frameworks:
  • ISO 27001
  • SOC 2
  • GDPR
  • HIPAA
  • PCI-DSS
• Basic scripting or automation knowledge in Python, Bash, or PowerShell is a plus
• Understanding of cloud security concepts (AWS, Azure, or GCP) is preferred
• Strong analytical, documentation, and reporting skills

Preferred Certifications

• CEH (Certified Ethical Hacker)
• eJPT / eCPPT
• Security+
• ISO 27001 Lead Implementer / Lead Auditor
• OSCP (Plus)

Job Details

• Position: Security Engineer – Compliance & Penetration Testing
• Experience: 3–4 Years
• Location: Lahore (Hybrid)
• Department: Cyber Security & Compliance

About TekHQS

TEKHQS is a global AI-driven technology solutions provider headquartered in Lake Forest, California, with a 300+ expert team operating across multiple countries. We specialize in SaaS, Cloud, AI/ML, Blockchain/Web3, DevOps, ERP solutions (SAP S/4HANA, Oracle NetSuite, Microsoft Dynamics 365), and enterprise technology services.

At TEKHQS, you'll work on cutting-edge global projects, collaborate with experienced professionals, and gain exposure to advanced technologies within a fast-growing international environment.