Security Analyst

ABOUT US

Datacultr is a global Digital Operating System for Risk Management and Debt Recovery, we drive Collection Efficiencies, Reduce Delinquencies and Non-Performing Loans (NPL's). Datacultr is a Digital-Only provider of Consumer Engagement, Recovery and Collection Solutions, helping Consumer Lending, Retail, Telecom and Fintech Organizations to expand and grow their business in the under-penetrated New to Credit and Thin File Segments.

We are helping millions of new to credit consumers, across emerging markets, access formal credit and begin their journey towards financial health. We have clients across India, South Asia, South East Asia, Africa and LATAM.

Datacultr is headquartered in Dubai, with offices in Abu Dhabi, Singapore, Ho Chi Minh City, Nairobi, and Mexico City; and our Development Center is located out of Gurugram, India.

ORGANIZATION'S GROWTH PLAN

Datacultr's vision is to enable convenient financing opportunities for consumers, entrepreneurs and small merchants, helping them combat the Socio-economic problems this segment faces due to restricted access to financing.

We are on a mission to enable 35 million unbanked & under-served people, access financial services by the end of 2026.

Position Overview

We are seeking a Security Analyst with hands-on experience in vulnerability assessment & penetration testing (VAPT), specifically across web, mobile, API, and infrastructure environments. The ideal candidate will be responsible for proactively identifying security vulnerabilities, performing risk analysis, and collaborating with engineering teams to ensure secure product development and deployment.

This role requires strong technical security expertise, deep understanding of OWASP methodologies, and the ability to deliver clear remediation guidance. Experience in bug bounty or offensive security research is an added advantage.

Core Responsibilities

Vulnerability Assessment & Penetration Testing

• Conduct comprehensive VAPT across web applications, mobile applications (Android/iOS), APIs, networks, and supporting infrastructure.
• Identify, exploit, and document security weaknesses including OWASP Top 10 vulnerabilities.
• Execute manual and automated security testing with industry-standard tools (Burp Suite, OWASP ZAP, Nmap, Wireshark, etc.).

Security Reporting & Documentation

• Prepare detailed technical security reports aligned with CWE, CVSS, and OWASP standards.
• Communicate findings, risk levels, and mitigation steps clearly to engineering and product teams.

Security Collaboration & Remediation Support

• Work closely with development and DevOps teams to guide remediation of vulnerabilities.
• Provide secure coding and hardening best practices to internal teams.

Continuous Improvement & Threat Research

• Continuously evaluate new security threats, tools, and techniques.
• Contribute to internal security processes, automation efforts, and knowledge-sharing initiatives.
• Participate in internal red-team exercises and security drills.

Key Requirements

• 14 years of experience in cybersecurity/VAPT.
• Strong understanding of OWASP Top 10, Secure SDLC, CVSS scoring, and industry security frameworks.
• Experience with testing tools such as:
• Burp Suite, OWASP ZAP, Nessus, Nmap, Wireshark, Metasploit, Kali Linux.
• Hands-on experience in web, API, and mobile application security testing.
• Familiarity with server/network fundamentals (Windows/Linux).
• Excellent problem-solving skills and ability to translate findings into actionable recommendations.
• Certifications such as CEH, OSCP, CRTA, CNDA, eJPT (preferred but not mandatory).

What We Offer

• Competitive compensation structure
• Exposure to global financial clients and next-gen SaaS technologies.
• Collaborative, innovation-focused environment.
• Comprehensive health and wellness benefits.

Location & Work Model

• Gurgaon
• Work from Office
• Immediate joining possible

Kindly share your updated profile with us at [Confidential Information] to guide you further with this opportunity.