Cyber Security Analyst - Penetration Tester

Cyber Security Analyst - Penetration Testing is responsible for performing security assessments for applications, infrastructure and emerging technologies, guiding product / service teams in secure design and implementation of IT systems.

Position responsibilities include:

.Perform Penetration tests for high-risk Enterprise IT assets.
.Gain understanding of the business process, application architecture, IT infrastructure and interaction with external entities.
.Work with PDO team to define and agree the scope of the test.
.Perform Pen testing for web / mobile applications to verify security implementation and identify vulnerabilities this includes testing for broken access control, identification and authentication failures, injection, insecure design, security misconfiguration, cryptographic failures, usage of vulnerable and outdated components.
.Conduct penetration testing activities in an ethical and responsible manner, ensuring that the organization's systems are not negatively impacted by the testing.
.Assess the risk of identified vulnerabilities by evaluating likelihood and impact, propose countermeasures and remediation.
.Document and effectively communicate the technical findings and recommendations to non-technical stakeholders, such as management and business leaders, in a clear and understandable manner.
.Follow security governance process for issue tracking and closure. Ensure that security improvement actions are evaluated, validated, and implemented as required.
.Use Standard Operating Procedure (SOP) for securely conducting penetration testing studies.
.Develop, test, and maintain custom security testing scripts for vulnerability testing.
.Leverage industry best practices to continually improve process maturity.
.Promote awareness of security issues among application teams and business teams through training and awareness programs.
.Provide feedback for improving Penetration Testing tools and processes and continuously improve the testing methods.
.Staying up to date with the latest security trends, tools, and techniques to enhance penetration testing skills and knowledge.
.Stay updated on emerging technologies.

Skillset required:
.Experience in different Penetration Testing processes and tools with specialization in web and mobile applications and API services.
.Experience in security assessment, risk management processes, cyber security threats, vulnerabilities, attack methods and techniques.
.Knowledge of industry frameworks for penetration testing like OWASP, PTES, MITRE ATT&CK, Metasploit.
.Ability to understand complex information system architecture and business process and develop attack methods.
.Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
.Experience in deploying various attack methods and techniques (DDoS, brute force, spoofing, Injection attacks etc.).
.Experience in creating and extracting important information from packet captures.
.Knowledge and experience in applying cryptography, including encryption, hashing, key management, digital certificates, and TLS, to protect data and communications.
.Knowledge of computer networking concepts and protocols, and network security methodologies.
.Knowledge of cloud security, API security and AI security.
.Knowledge of identity and access management systems (e.g.: OAuth, OpenID, SAML).
.Knowledge of organization's information security policies, standards, and procedures.
.Knowledge of laws, regulations, policies, and ethics related to cybersecurity and privacy.
.Excellent analytical, communication, documentation, and presentation skills.
.Knowledge of emerging technologies like AI/ML, Zero Trust, LCNC etc. and willingness to learn new technologies and concepts.

Qualifications required:
.Bachelor's degree in computer science, Cyber Security, or related field of study
.2+ years of experience in Cyber Security or related fields of IT.
.Knowledge of Penetration Testing Framework such as OWASP, MITRE ATT&CK, Metasploit etc.
.Cyber security certifications like OSCP, CEH, GPEN, Pentest+ are highly desirable.