Job Description
We are seeking an Offensive Security Analyst to conduct advanced assessments across Web, Mobile, APIs, and authentication protocols. The role involves penetration testing, source code reviews, red teaming, and adversary emulations on diverse infrastructures. You will develop methodologies, testing scripts, and deliver both executive and technical reports with actionable recommendations.
Additional expertise in CI/CD security, cloud environments, Active Directory, and bug bounty hunting is highly valued.
Responsibilities
- Conduct security assessments on Authentication Protocols
- Conduct security assessments on Web, Mobile and APIs REST/SOAP/GraphQL.
- Perform Source code review for applications developed in different languages.
- Perform penetration tests on both public and private network infrastructure assets.
- Conduct adversary emulations and red teaming exercises, both internally and externally.
- Develop testing scripts and procedures to fulfil comprehensive assessment requirements.
- Produce executive and technical reports and provide recommendations based on findings.
- Develop methodology documents and pre-engagement questionnaires for Penetration Testing and Vulnerability Assessment projects.
About SHQ
SecurityHQ is a global cybersecurity company. Our specialist teams design, engineer and manage solutions that do three things: Promote clarity and trust in a complex world. Build momentum around improving security posture. And increase the value of cybersecurity investment within organizations. Free from limitations, and inclusive of all requirements, we focus on defending today, while mitigating the risks of tomorrow. And into the future. Our solutions are tailored to our customers and their unique context. Around the clock, 365 days per year, our customers are never alone. SecurityHQ We're focused on engineering cybersecurity, by design.
Job Reference Number
IN071
Essential Skills
- A minimum of 2 years of professional experience in Application Pentesting.
- Development or scripting experience and skills.
- Strong knowledge of Web, Mobile and API Security assessments and Source code Review of application
- Excellent communication skills and ability to clearly articulate complex security issues.
- Ability to work with minimal levels of supervision or oversight.
Additional Skills
- Knowledge of CI/CD pipelines and integrating security testing into DevOps workflows.
- Knowledge of Cloud Security Assessments (AWS/Azure/GCP/other).
- Knowledge of Active Directory and Exploitation.
- Familiarity with Malware Development & Defense Evasion.
- Experience with hunting in Bug Bounty programs.
Education Requirements
- Bachelor's in computer science/IT/Electronics Engineering, M.C.A. or equivalent University degree.
- At least one of the following certifications is preferred: Portswigger BSCP, OffSec OSCP, TCM PNPT, HTB CPTS, HTB CWEE
