Security analyst - vapt

Posted: May 18, 2024, 9:16 a.m. - Full Time - Mumbai

Job Responsiblities * Manual and automated security testing of Web applications, APIs, and Mobile Applications. * Static and Dynamic testing (SAST & DAST) of thick clients / applications * Develop Proof-of-Concept (PoC) for the identified vulnerabilities. * Provide remediation guidance to identified vulnerabilities. * Develop and execute security testing project plans. * Incorporate metrics providing comprehensive insight about the security posture of an organization that will help senior management with decision making. * Build and maintain strong relationships with key stakeholders.

Technical Skillsets (Mandatory) * Hands on experience in Penetration Testing * Strong analytical and problem-solving skills and the ability to explain complex technical concepts in a clear and concise manner and to provide remediation recommendations. * Knowledge of / or experience with both Enterprise and open-source offensive security tools for reconnaissance, scanning, exploitation * Sound understanding of security frameworks (OWASP Top 10, NIST, MITRE ATT&CK)

Technical Skillsets (Preferred) * Proficiency in a programming language(s) (e.g. Python, Ruby, Perl, PowerShell)

  • Exposure to DevSecOps, Security Architecture review and Network Security assessment would be a bonus.
  • Hands-on experience in Red Team Exercises, Threat Hunting, OSINT and Threat Modelling

Non Technical Skillsets (Preferred) * Estimate Project efforts and meet delivery milestones and deadlines * Excellent and effective report writing and verbal communication skills * Deliver results within stipulated time-lines * Team Player with good interpersonal skills * Should be able to work independently with minimum and least supervision in complex, dynamic and challenging environment. * Self-driven and self-managed technical team leader. * Communicate project requirements and influence stakeholders with minimal supervision.

Education and certifications

  • Industry recognized certifications (Eg: OSCP, CREST, eWPT, GXPN, GPEN, Cloud Certifications and other well acknowledged security certifications) preferred

Experience * Minimum 4 years’ experience

Info Sec Community Activities and Opportunities * Promote security researches that are aligned with the current industry requirements and incepted at HackIT. * Provide assistance and support for presenting research papers at security conferences across the globe * HackIT provides opportunity to contribute back to the information security community