Cyber Security Analyst - Penetration Tester

Cyber Security Analyst – Penetration Testing is responsible for performing security assessments for applications, infrastructure and emerging technologies, guiding product / service teams in secure design and implementation of IT systems.

Position responsibilities include:

•    Perform Penetration tests for high-risk Enterprise IT assets.
•    Gain understanding of the business process, application architecture, IT infrastructure and interaction with external entities. 
•    Work with PDO team to define and agree the scope of the test.
•    Perform Pen testing for web / mobile applications to verify security implementation and identify vulnerabilities; this includes testing for broken access control, identification and authentication failures, injection, insecure design, security misconfiguration, cryptographic failures, usage of vulnerable and outdated components.
•    Conduct penetration testing activities in an ethical and responsible manner, ensuring that the organization's systems are not negatively impacted by the testing.
•    Assess the risk of identified vulnerabilities by evaluating likelihood and impact, propose countermeasures and remediation.
•    Document and effectively communicate the technical findings and recommendations to non-technical stakeholders, such as management and business leaders, in a clear and understandable manner.
•    Follow security governance process for issue tracking and closure. Ensure that security improvement actions are evaluated, validated, and implemented as required.
•    Use Standard Operating Procedure (SOP) for securely conducting penetration testing studies.
•    Develop, test, and maintain custom security testing scripts for vulnerability testing.
•    Leverage industry best practices to continually improve process maturity.
•    Promote awareness of security issues among application teams and business teams through training and awareness programs.
•    Provide feedback for improving Penetration Testing tools and processes and continuously improve the testing methods.
•    Staying up to date with the latest security trends, tools, and techniques to enhance penetration testing skills and knowledge.
•    Stay updated on emerging technologies.

Skillset required:
•    Experience in different Penetration Testing processes and tools with specialization in web and mobile applications and API services.
•    Experience in security assessment, risk management processes, cyber security threats, vulnerabilities, attack methods and techniques. 
•    Knowledge of industry frameworks for penetration testing like OWASP, PTES, MITRE ATT&CK, Metasploit.
•    Ability to understand complex information system architecture and business process and develop attack methods.
•    Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
•    Experience in deploying various attack methods and techniques (DDoS, brute force, spoofing, Injection attacks etc.).
•    Experience in creating and extracting important information from packet captures.
•    Knowledge and experience in applying cryptography, including encryption, hashing, key management, digital certificates, and TLS, to protect data and communications.
•    Knowledge of computer networking concepts and protocols, and network security methodologies.
•    Knowledge of cloud security, API security and AI security.
•    Knowledge of identity and access management systems (e.g.: OAuth, OpenID, SAML). 
•    Knowledge of organization's information security policies, standards, and procedures.
•    Knowledge of laws, regulations, policies, and ethics related to cybersecurity and privacy. 
•    Excellent analytical, communication, documentation, and presentation skills.
•    Knowledge of emerging technologies like AI/ML, Zero Trust, LCNC etc. and willingness to learn new technologies and concepts.

Qualifications required:
•    Bachelor’s degree in computer science, Cyber Security, or related field of study
•    2+ years of experience in Cyber Security or related fields of IT.
•    Knowledge of Penetration Testing Framework such as OWASP, MITRE ATT&CK, Metasploit etc.
•    Cyber security certifications like OSCP, CEH, GPEN, Pentest+ are highly desirable.