Who You'll Work With
In this role, you will collaborate closely with internal teams such as IT, Legal, Compliance, and HR to assess and manage risks affecting business operations. You will work directly with security teams, including network security, cloud security, and security operations, to align risk management efforts and identify vulnerabilities. You will also partner with the Compliance team to ensure adherence to regulatory requirements and industry best practices, and regularly communicate with senior management to report on risk assessments, mitigation strategies, and opportunities for improvement across the organization.
What You'll Do
- Conduct in-depth penetration testing of cloud environments (AWS, Azure, GCP), focusing on identifying complex vulnerabilities and security misconfigurations.
- Perform penetration testing of containerized applications (Docker, Kubernetes) and serverless architectures.
- Develop and execute custom penetration testing methodologies and tools to simulate real-world attacks.
- Expertise in manual penetration testing techniques and the use of advanced offensive security tools (Burp Suite, Cobalt Strike, Metasploit, etc.).
- Utilize commercial security tools such as Checkmarx, Invicti, and Synopsys for static and dynamic analysis.
- Familiarity with security frameworks and approaches such as SAST, DAST, fuzzing, property-based testing, symbolic and network simulation.
- Perform comprehensive security assessments of RESTful and other API architectures.
- Demonstrated ability to identify and exploit vulnerabilities in API authentication and authorization mechanisms.
- Perform security testing for distributed systems and microservices.
- Expert knowledge of hacking authentication methods such as OAuth, SAML, and JWT.
- Knowledge of macOS and Windows Active Directory systems and their security implications.
- Deep understanding of Linux operating systems and their security implications.
- Ability to analyze and understand complex software architectures and codebases.
- Work closely with software engineers to provide security guidance and recommendations.
- Basic knowledge of Python or Go programming languages for scripting and tool development.
- Collaborate effectively with cross-functional teams, including software engineers, cloud architects, and security professionals.
- Communicate security findings and recommendations clearly and concisely to both technical and non-technical audiences.
- Stay up-to-date on the latest cloud security threats, vulnerabilities, and attack techniques.
- Conduct security research and develop new penetration testing methodologies.
- Have experience in threat modelling, red/blue teaming, and working with best-in-class independent engineering teams.
Nice-to-Have:
- Administer and optimize Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) tools.
- Configure and maintain cloud security tools and platforms to ensure continuous monitoring and threat detection.
- Work with Infrastructure as Code tools such as Terraform and CloudFormation to ensure secure cloud deployments.
- Configure, deploy, and maintain Web Application Firewalls (WAF) in production and development environments.
Qualifications:
- BA or BSc. in Computer Science, Information Security, or a related field.
- 6 years of experience in penetration testing with a strong focus on cloud security.
- Expert-level knowledge of cloud platforms (AWS, Azure, GCP) and their security services.
- Proven experience in API security testing and authentication hacking.
- Strong understanding of Linux, macOS, and Windows Active Directory operating systems and software development practices.
- Proficiency in using penetration testing tools and frameworks, including commercial tools like Checkmarx, Invicti, and Synopsys, etc.
- Excellent communication and collaboration skills.
- Deep understanding of the MITRE ATT&CK framework.
- Experience working in a software development environment.
Nice-to-Have:
- Relevant security certifications (e.g. OSCP, OSCE, GPEN, GWAPT).
- Experience with CSPM and SSPM tools.
Additional Information:
Arista Networks is an equal opportunity employer. Arista makes all hiring and employment-related decisions in a non-discriminatory manner without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other factor determined to be unlawful under applicable federal, state, or local law. All your information will be kept confidential according to EEO guidelines.
Remote Work:
No
Employment Type:
Full-time