IS Analyst- VAPT

Duties/Responsibilities

• Key member of the GCS IS Ethical Hacking & Data Protection Team
• Perform and facilitate network and application penetration tests for internal teams, on a variety of technologies.
• Perform threat models and security consultations with internal teams, to advise on security best practices.
• Develop remediation recommendations for IT administrators and developers, tailored to their environment and business needs.
• Deliver high quality and actional reports for a diverse audience of IT administrators and developers.
• Monitor for vulnerability trends across the enterprise and notify leadership about opportunities for improvement.
• Recommend security enhancements and purchases consistent with information security strategy and evolving threats for business units supported.
• Keep up to date on information security threats and countermeasures and advise technical staff.
• Participate as a member of the GCS Cyber Security Incident Response Team (CSIRT) as needed to consult on compromise vectors or the cyber kill chain.
  

Required Skills & Attributes

• Web application penetration testing
• Advanced ability to understand application diagrams and consult on security best practices.
• Advanced understanding of web application vulnerabilities such as XSS, SQLi, iDOR, and others in the OWASP Top 10.
• Experience with penetration testing tools such as BurpSuite, Fiddler, ZAP, Metasploit, and exploitDB.
• Strong proficiency in Linux.
• Understanding of cloud services (Azure, AWS) and their role in creating a secure application environment.
• Strong English verbal and written communication skills—including the ability to prepare documentation and ability to clearly and effectively communicate Information Security matters to executives, auditors and end users.
• Strong ability to work in a team effectively and collaborate across multiple time zones.
  

Required Qualifications

• Bachelor’s degree or equivalent experience, and 05+ years application penetration testing and/or red teaming experience.
  

Preferred Skills & Attributes

• One (or more) relevant certifications: GPEN[i], GWAPT[ii],OSCP[iii], CPTE[iv], ITVA[v], CISSP[vi],
• CTF experience (HackTheBox, VulnHub, OverTheWire, etc)
• Experience with ISO 27001/2 or other information security industry regulatory controls and compliance.
• Ability to interpret information security data and processes to identify potential compliance issues.
• Decision-making and problem solving skills including the ability to clearly define and resolve issues.
• Assertive and proactive in identifying and resolving issues and concerns.
• Excellent time management skills including the ability to prepare prioritize and complete work plans.
• Ability to work with geographically diverse offices in a global organization, with a willingness to work offset hours occasionally to accommodate time zones.