Security Analyst

Core responsibilities:

• Lead offensive security engagements and projects
• Identify nuanced vulnerabilities in advanced systems
• Develop mitigation strategies for keeping our customers safe
• Develop comprehensive reports and presentations for our customers
• Improve team tradecraft, techniques, and tooling
• Provide technical mentorship for recent hires
• To perform and monitor test teams on-site and off-site for Vulnerability Assessments, Penetration Tests, Source code reviews, and Web Mobile (Android, iOS and Windows), Point-of-sale (POS), Cloud and API Security assessments
• Maintaining Vulnerability Management program consisting of activities such as External VA PCI (ASV) scan.
• Awareness on industry-standard security frameworks such as OWASP, NIST, SANS, etc.
• To conduct Penetration Testing on Cloud based technologies such as Kubernetes, containers etc. on Service providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP) etc.
• Track project tasks of team members to ensure existing projects are completed as per the deadlines and provide availability of resources for new projects.
• Exposure in Internal PCI scan, WebSocket based Application Security Testing and other Vulnerability and Penetration Tests.
• To apply problem-solving skills to evaluate the potential security risks to the clients IT infrastructure and determine the possibility of impact as per clients use-case

Desired qualifications:

• 5+ years of cyber security experience
• Offensive security, red team, and penetration testing experience
• Experience with exploit development and/or reverse engineering
• Strong oral and written communication skills
• Ability to articulate how a Red Team operation should be scoped and what considerations are required for scoping
• Understanding of the Discovery phase of a Red Team operation, what tools might be used, what information is important, and what OPSEC considerations are necessary.
• Understanding of the general phases of a Red Team operation, their sequence, and purpose. Bonus points for using or knowing an established framework.
• Understanding of various attack paths, attack considerations, OPSEC requirements, and impacts to the target system.
• Wireless Controller Penetration Testing.
• Network-based attacks, pivoting, exploitation, and port forwarding.

+1 qualifications:

• Prior security consulting experience
• Familiarity with exploit development beyond Windows and for MacOS X or Linux environments
• Familiarity with command and control channel frameworks and deployment
• Familiarity with cloud technology and deployments (AWS, Azure, GCP)
• Familiarity with Reverse engineering malware, data obfuscators, or ciphers
• Track record in vulnerability research and CVE assignments
• BS in computer science, engineering, physics, or mathematics
• OSCP, OSCE, OSEE, or OSWE certifications

Desired behaviors:

• Customer centric focus with an obsessive need to wow and delight each client
• Relentless restlessness to improve service execution, service delivery, and the service practice
• Ability to maintain high levels of output and work ethic
• Personable individual who enjoys working in a team-oriented environment
• Comfort dealing with ambiguity in an environment where we build the plane as we fly it
• Ability to work within constraints and to challenge the status quo
• Ability to self-direct work, orient to action, and truly own the pos