IS Analyst- VAPT
IS Analyst- VAPT
Posted on :
06-07-2025
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Description
The IS Analyst- VAPT position is an integral member of the GCS IS team and shall contribute recommendations regarding physical and technical information security best practices. The IS Analyst- VAPT position consults with local offices and their administrators to assist in the implementation of administrative and technical procedures for their networks and applications. The position reports to the Information Security Manager in India.
Duties/Responsibilities:
- Key member of the GCS IS Ethical Hacking & Data Protection Team
- Perform and facilitate network and application penetration tests for internal teams on a variety of technologies.
- Perform threat models and security consultations with internal teams to advise on security best practices.
- Develop remediation recommendations for IT administrators and developers tailored to their environment and business needs.
- Deliver high quality and actional reports for a diverse audience of IT administrators and developers.
- Monitor for vulnerability trends across the enterprise and notify leadership about opportunities for improvement.
- Recommend security enhancements and purchases consistent with information security strategy and evolving threats for business units supported.
- Keep up to date on information security threats and countermeasures and advise technical staff.
- Participate as a member of the GCS Cyber Security Incident Response Team (CSIRT) as needed to consult on compromise vectors or the cyber kill chain.
Required Skills & Attributes:
- Experience with BurpSuite and other web attack proxies.
- Exhibit skills in the Vulnerability Management lifecycleincluding vulnerability scanning penetration testing red team engagements remediation and validation.
- Technical skills proficiency in the following areas:
- Web application penetration testing
- Advanced ability to understand application diagrams and consult on security best practices.
- Advanced understanding of web application vulnerabilities such as XSS SQLi iDOR and others in the OWASP Top 10.
- Experience with penetration testing tools such as BurpSuite Fiddler ZAP Metasploit and exploitDB.
- Strong proficiency in Linux.
- Understanding of cloud services (Azure AWS) and their role in creating a secure application environment.
- Strong English verbal and written communication skillsincluding the ability to prepare documentation and ability to clearly and effectively communicate Information Security matters to executives auditors and end users.
- Strong ability to work in a teameffectively and collaborate across multiple time zones.
Required Qualifications:
- Bachelors degreeor equivalent experienceand05 yearsapplication penetration testing and/or red teaming experience.
Preferred Skills & Attributes:
- One (or more) relevant certifications:GPENi GWAPTiiOSCPiii CPTEiv ITVAv CISSPvi
- CTF experience (HackTheBox VulnHub OverTheWire etc)
- Experience with ISO 27001/2 or other information security industry regulatory controls and compliance.
- Ability to interpret information security data and processes to identify potential compliance issues.
- Decision-making and problem solving skills including the ability to clearly define and resolve issues.
- Assertive and proactive in identifying and resolving issues and concerns.
- Excellent time management skills including the ability to prepare prioritize and complete work plans.
- Ability to work with geographically diverse offices in a global organization with a willingness to work offset hours occasionally to accommodate time zones.
Required Experience:
IC
Employment Type
Full-Time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
