Cyber Security Analyst Penetration Tester

Cyber Security Analyst Penetration Testing is responsible for performing security assessments for applications infrastructure and emerging technologies guiding product / service teams in secure design and implementation of IT systems.

Position responsibilities include:

Perform Penetration tests for high-risk Enterprise IT assets.
Gain understanding of the business process application architecture IT infrastructure and interaction with external entities.
Work with PDO team to define and agree the scope of the test.
Perform Pen testing for web / mobile applications to verify security implementation and identify vulnerabilities; this includes testing for broken access control identification and authentication failures injection insecure design security misconfiguration cryptographic failures usage of vulnerable and outdated components.
Conduct penetration testing activities in an ethical and responsible manner ensuring that the organizations systems are not negatively impacted by the testing.
Assess the risk of identified vulnerabilities by evaluating likelihood and impact propose countermeasures and remediation.
Document and effectively communicate the technical findings and recommendations to non-technical stakeholders such as management and business leaders in a clear and understandable manner.
Follow security governance process for issue tracking and closure. Ensure that security improvement actions are evaluated validated and implemented as required.
Use Standard Operating Procedure (SOP) for securely conducting penetration testing studies.
Develop test and maintain custom security testing scripts for vulnerability testing.
Leverage industry best practices to continually improve process maturity.
Promote awareness of security issues among application teams and business teams through training and awareness programs.
Provide feedback for improving Penetration Testing tools and processes and continuously improve the testing methods.
Staying up to date with the latest security trends tools and techniques to enhance penetration testing skills and knowledge.
Stay updated on emerging technologies.

Skillset required:
Experience in different Penetration Testing processes and tools with specialization in web and mobile applications and API services.
Experience in security assessment risk management processes cyber security threats vulnerabilities attack methods and techniques.
Knowledge of industry frameworks for penetration testing like OWASP PTES MITRE ATT&CK Metasploit.
Ability to understand complex information system architecture and business process and develop attack methods.
Knowledge of cyber-attack stages (e.g. reconnaissance scanning enumeration gaining access escalation of privileges maintaining access network exploitation covering tracks).
Experience in deploying various attack methods and techniques (DDoS brute force spoofing Injection attacks etc.).
Experience in creating and extracting important information from packet captures.
Knowledge and experience in applying cryptography including encryption hashing key management digital certificates and TLS to protect data and communications.
Knowledge of computer networking concepts and protocols and network security methodologies.
Knowledge of cloud security API security and AI security.
Knowledge of identity and access management systems (e.g.: OAuth OpenID SAML).
Knowledge of organizations information security policies standards and procedures.
Knowledge of laws regulations policies and ethics related to cybersecurity and privacy.
Excellent analytical communication documentation and presentation skills.
Knowledge of emerging technologies like AI/ML Zero Trust LCNC etc. and willingness to learn new technologies and concepts.

Qualifications required:
Bachelors degree in computer science Cyber Security or related field of study
2 years of experience in Cyber Security or related fields of IT.
Knowledge of Penetration Testing Framework such as OWASP MITRE ATT&CK Metasploit etc.
Cyber security certifications like OSCP CEH GPEN Pentest are highly desirable.