Offensive Security Analyst

• Conducting vulnerability assessments and penetration testing to identify security weaknesses across infrastructure and applications.
• Perform offensive security activities, including red teaming exercises, to simulate real-world cyber-attacks and evaluate the effectiveness of defensive measures.
• Knowledge of current attack methods, manual penetration testing techniques, tools (e.g., Nessus, Nmap, Metasploit, Kali Linux, Sonar, Burp Suite etc.).
• Staying current with new attack vectors and tools, and incorporating them into testing procedures
• Work closely with the cross-domain teams to resolve security issues and suggest appropriate fixes.
• Documenting and reporting findings, including recommendations for remediation and liaising with internal stakeholders for closure.
• In-depth knowledge of OWASP Top 10 and OWASP API Top 10 security concepts, along with common application security risks.
• Perform in-depth manual and automated static secure code analysis with open source and commercial tools.
• Automate common testing techniques to improve efficiency and write technical and executive reports.
• Any other related duty assigned by Line Manager/HOD Information Security.

Requirements

• 0-3 years of experience in Cyber Security specific to vulnerability assessment & penetration testing.
• Bachelor’s degree in engineering/ information security/ cybersecurity/ computer science related field required.
• Knowledge and understanding of common information security management frameworks, such as ISO/IEC 27001, NIST, OWASP and other standards & practices.
• In-depth knowledge of application security principles, including common vulnerabilities such as OWASP Top 10, ASVS.
• Experience conducting vulnerability assessments and penetration tests using industry-standard tools and methodologies, such as Sonar, Burp Suite, Metasploit, Nmap, and Nessus.
• Strong understanding of cryptographic principles and encryption algorithms, as well as secure communication protocols such as HTTPS.
• Ability to interpret and analyze application source code, configuration files, and network traffic logs to identify security issues and recommend remediation strategies.
• Excellent communication and interpersonal skills, with the ability to effectively communicate technical concepts to both technical and non-technical stakeholders.
• Strong analytical and problem-solving skills.
• Ability to work effectively in a fast-paced, project-oriented environment.

Benefits

• Competitive salary
• Fuel Card
• Health benefits
• Professional development opportunities
• Inclusive work culture & much more