Security Analyst

Role & responsibilities

Working as both an infrastructure security and application security specialist, the role is to work in web and mobile application security assessments, hands on techniques for identifying issues.

Security Assessments:

• Conduct comprehensive security assessments for web and mobile applications.
• Utilize hands-on techniques to identify and mitigate SQL injections, XSS, CSRF, authentication issues, and other vulnerabilities as per the OWASP Top 10.

Knowledge of Attack Vectors:

• Understand and mitigate attack vectors identified by OWASP, SANS, and NIST.
• Stay updated with the latest security threats and trends.

Security Technologies:

• Implement and manage Static Application Security Testing (SAST) tools.
• Demonstrate exceptional knowledge in network security, application security, and system security.

Operating Systems Expertise:

• Maintain outstanding knowledge of various operating systems, including UNIX, Windows, and macOS.
• Apply security best practices across different operating systems.

Dynamic Security Testing:

• Perform Dynamic Application Security Testing (DAST).
• Implement cryptographic techniques and authentication protocols to secure applications.

Tool Proficiency:

• Utilize both commercial and open-source security tools such as Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP, BEEF, and MetaSploit for security testing and exploitation.
• Identify and exploit vulnerabilities in business logic frameworks.

Source Code Analysis:

• Execute source code analyzers to identify and remediate security vulnerabilities within the source code.

Advisory and Recommendations:

• Provide expert advice and recommendations to application development teams and vendors on security best practices and remediation strategies.

Team Handling and Client Communication:

• Demonstrate experience in team management.
• Exhibit strong communication skills for both internal collaboration and client interactions.

Network Infrastructure Security Testing:

• Conduct network infrastructure security testing to identify and mitigate potential security risks.
• Utilize tools and techniques to assess network vulnerabilities and ensure robust security posture.

Reporting Skills:

• Prepare detailed security assessment reports, including findings, risk levels, and recommended mitigations.
• Communicate findings and recommendations effectively to both technical and non-technical stakeholders.

Preferred candidate profile

• Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related field.
• Relevant certifications (preferred but not mandatory): CEH, OSCP, GWAPT, CISSP, or Security+.
• Hands-on experience with Web & Mobile Application Security Testing.
• Knowledge of OWASP Top 10, API Security Best Practices, and Secure Coding Principles.
• Proficiency with security testing tools like Burp Suite, OWASP ZAP, Nmap, Metasploit, and SAST/DAST tools.
• Experience in manual and automated vulnerability assessments.
• Familiarity with secure development practices (DevSecOps, CI/CD security).
• Basic understanding of cloud security (AWS, Azure, GCP).
• Strong problem-solving and analytical skills.
• Ability to work with developers and DevOps teams to implement security best practices.
• Excellent communication and documentation skills.
• Willingness to learn and adapt in a fast-paced security environment.

Perks and benefits

💡 Cutting-Edge Security Work

• Work on real-world cybersecurity challenges across various industries.
• Hands-on experience with the latest security tools, frameworks, and methodologies.

🚀 Career Growth & Learning

• Opportunities to earn security certifications (CEH, OSCP, CISSP, etc.).
• Exposure to global security standards (ISO 27001, SOC 2, GDPR, NIST).

🤝 Collaborative & Supportive Work Culture

• A team of passionate security experts always ready to help.
• Flexible and open work environment where your ideas matter.
• Flat hierarchy that encourages innovation and ownership.