IT Security Analyst

Job Description

• Conduct in-depth penetration testing of cloud environments (AWS, Azure, GCP), focusing on identifying complex vulnerabilities and security misconfigurations.

• Perform penetration testing of containerized applications (Docker, Kubernetes) and serverless architectures.

• Develop and execute custom penetration testing methodologies and tools to simulate real-world attacks.

• Expertise in manual penetration testing techniques and the use of advanced offensive security tools (Burp Suite, Cobalt Strike, Metasploit, etc.).

• Utilize commercial security tools such as Checkmarx, Invicti, and Synopsys for static and dynamic analysis.

• Familiarity with security frameworks and approaches such as SAST, DAST, fuzzing, property-based testing, symbolic execution, and network simulation.

• Perform comprehensive security assessments of RESTful and other API architectures.

• Demonstrated ability to identify and exploit vulnerabilities in API authentication and authorization mechanisms.

• Perform security testing for distributed systems and microservices.

• Expert knowledge of hacking authentication methods such as OAuth, SAML, and JWT.

• Knowledge of macOS and Windows Active Directory systems and their security implications.

• Deep understanding of Linux operating systems and their security implications.

• Ability to analyze and understand complex software architectures and codebases.

• Work closely with software engineers to provide security guidance and recommendations.

• Basic knowledge of Python or Go programming languages for scripting and tool development.

• Collaborate effectively with cross-functional teams, including software engineers, cloud architects, and security professionals.

• Communicate security findings and recommendations clearly and concisely to both technical and non-technical audiences.

• Stay up-to-date on the latest cloud security threats, vulnerabilities, and attack techniques.

• Conduct security research and develop new penetration testing methodologies.

• Have experience in threat modelling, red/blue teaming, working with best-in-class independent engineering teams.

Nice-to-Have:

• Administer and optimize Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) tools.

• Configure and maintain cloud security tools and platforms to ensure continuous monitoring and threat detection.

• Work with Infrastructure as Code tools such as Terraform and CloudFormation to ensure secure cloud deployments.

• Configure, deploy, and maintain Web Application Firewalls (WAF) in production and development environments.

Qualifications

• BA or BSc. in Computer Science, Information Security, or a related field.

• 6+ years of experience in penetration testing, with a strong focus on cloud security.

• Expert-level knowledge of cloud platforms (AWS, Azure, GCP) and their security services.

• Proven experience in API security testing and authentication hacking.

• Strong understanding of Linux, macOS and Windows Active directory operating systems and software development practices.

• Proficiency in using penetration testing tools and frameworks, including commercial tools like Checkmarx, Invicti, and Synopsys etc.

• Excellent communication and collaboration skills.

• Deep understanding of the MITRE ATT&CK framework.

• Experience working in a software development environment.

Nice-to-Have:

• Relevant security certifications (e.g., OSCP, OSCE, GPEN, GWAPT).

• Experience with CSPM and SSPM tools.

Additional Information

All your information will be kept confidential according to EEO guidelines.