Security Analyst

Job Summary

This position exposes a candidate to the best of both worlds - Penetration Testing as well Developing Prototype tools to assist in the testing phase. This position includes research and prototype development of automated cyber security testing and security data analytics tools used in the assessment of enterprise network segments and web applications. The selected candidate will also participate in cyber security penetration testing engagements in order to establish subject matter expertise.

Duties and Responsibilitie

• sConduct comprehensive penetration testing and vulnerability assessments on computer systems, networks, and applications
• .Identify and exploit security vulnerabilities through manual testing techniques, automated tools, and other means
• .Perform in-depth analysis of test results, documenting and communicating findings to technical and non-technical stakeholders
• .Develop and execute detailed test plans and methodologies for conducting penetration tests
• .Collaborate with cross-functional teams, including developers, system administrators, and network engineers, to implement remediation strategies and mitigate identified vulnerabilities
• .Manage project timelines, deadlines, and expectations including client interaction
• sStay updated on the latest security threats, attack vectors, and penetration testing techniques, and continuously enhance knowledge and skills in the field of information security
• .Assist in the development and improvement of security policies, procedures, and guidelines
• .Participate in red teaming exercises and simulate real-world attack scenarios to assess the overall security posture of the organization. Having proficient knowledge in MITRE ATT&CK framework
• .Maintain accurate and detailed documentation of testing activities, findings, and recommendations
• .Prepare reports documenting identified issues based on internal templates
• .Interact with clients to deliver results, provide feedback, and remediation recommendations on findings
• .Research emerging security topics and new attack vector
• sPerform and review the hardening of the systems and network devices
• .Supports the team and lead analyst in custom penetration test projects as required
• .Participates in required client communication, kick-off calls, data analysis, and findings presentation both remotely and in person
• .Assists developers and server administrators on coding best practices, secure configurations, and remediation best practices
• .Provides assistance to Operations team for debugging, exploitation and vulnerability analysis
• .Contributes to the design of penetration test report deliverables, constantly evaluating effectiveness of report outline

.
Qualificatio

nsMinimum qualificatio

• nsBachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience
• ).At least 2-5 years of experience in penetration testing and vulnerability assessments, with a focus on web applications, networks, and infrastructur
• e.Experienced with programming/scripting languages (e.g.: Python, Bash, Rus
• t)In-depth knowledge of various penetration testing tools, frameworks and OS (e.g., Kali Linux, Metasploit, Burp Suite, Nmap, Wireshark, etc.
• ).Good understanding of common vulnerabilities and attack vectors (e.g., SQL injection, cross-site scripting, buffer overflows, etc.) and corresponding mitigation technique
• s.Familiarity with industry standards and frameworks such as OWASP top 10, CVE, CWE, SANS, OSSTMM, and NIS
• T.Excellent analytical and problem-solving skills, with the ability to think creatively and strategically to find vulnerabilitie
• s.Effective communication and presentation skills to convey complex technical concepts to both technical and non-technical stakeholde

rsPreferred qualification

• s:GIAC, OSCP, OSEP, HTB Certifications, CEH, CompTIA Pentest+, CRTP, CRTE or any equivalent security certifications are preferre