Roundglass - Cyber Security Analyst - SAST/DAST/VAPT (5-9 yrs)

What you'll do : -

Key Responsibilities

- Ensure the security of cloud-based infrastructure and applications.

- Implement and manage cloud security controls, monitoring, and compliance mechanisms.

- Conduct regular audits to detect misconfigurations and vulnerabilities in cloud environments.

- Perform regular vulnerability scans and assessments for applications, systems, and networks.

- Identify, analyze, prioritize, and remediate vulnerabilities in a timely manner.

- Develop and maintain a vulnerability management lifecycle.

- Monitor security incidents and alerts from various tools and systems.

- Investigate and respond to potential security breaches and threats.

- Develop incident response plans and conduct post-incident analysis.

- Conduct penetration testing of applications, APIs, and infrastructure to identify security weaknesses.

- Document and communicate findings with actionable remediation steps.

- Collaborate with development teams to address and resolve vulnerabilities.

Static and Dynamic Application Security Testing (SAST & DAST) :

- Integrate SAST and DAST tools into the CI/CD pipeline to detect vulnerabilities in code and applications.

- Analyze reports from these tools and work with developers to remediate identified issues.

- Continuously monitor and improve testing methodologies to stay ahead of evolving threats.

- Implement and maintain security policies, procedures, and standards.

- Conduct training and awareness programs for teams to ensure adherence to security protocols.

- Stay updated with industry standards, trends, and best practices in information security.

- Work closely with development, IT, and product teams to integrate security best practices into SDLC.

- Provide periodic security status reports to management, highlighting risks, metrics, and improvements.

Skills and Qualifications

- Education : B.Tech / MCA with Certifications such as CISSP/CISM, or equivalent is highly preferred.

Experience :

- 4-6 years of hands-on experience in cybersecurity roles, with a focus on cloud security, VAPT, SAST, and DAST.

- Strong understanding of OWASP Top 10, MITRE ATT&CK framework, and NIST cybersecurity framework.

- Proficiency in using tools like Burp Suite, Nessus/Rapid 7 Insight VM, Qualys, Metasploit, Checkmarks, SonarQube or similar for SAST and DAST.

Technical Expertise :

- Strong knowledge of cloud platforms (AWS, Azure) and their security features.

- Experience in configuring and managing SIEM, endpoint protection, and identity access management solutions.

- Familiarity with scripting languages (Python, Bash, etc.) for automation