IT Security Analyst

As an IT Security Senior Analyst, you will be responsible for performing penetration testing (PT), SAST, and articulating findings in an easily comprehensible manner to asset owners. Collaborative skills are essential for this role. Your key responsibilities will include building a Secure Development Lifecycle (SDLC) by embedding SAST, SCA, DAST, and penetration testing into the development pipeline. You will conduct penetration testing of various component types such as web applications, APIs, mobile applications (iOS + Android), and infrastructure (server + network). Additionally, you will run SAST & DAST scans, analyze tool results, provide remediation support, and review open-source components. It will be your responsibility to assess, report, and close identified vulnerabilities and validate issues as part of the responsible disclosure program. You will be required to provide status reports to the PT Service owner and other stakeholders related to key metrics, risk indicators, trending, and compliance. Furthermore, you will analyze security assessment results and threat feeds to appropriately react to security weaknesses or vulnerabilities. Supporting the Automation of Vulnerability Management program to achieve efficiency and effectiveness, as well as configuring and maintaining regular and ad-hoc vulnerability scans using SAST & DAST tools against internal and external applications are also part of your role. To be successful in this position, you should have a minimum of 1.5 years of experience in performing penetration testing of web applications, APIs, mobile applications (iOS + Android), and infrastructure (server + network). Experience working with SAST & DAST programs, developing and communicating SDLC processes, and performing manual source code reviews is required. Proficiency in using tools like Burp Suite and exposure to platforms such as Veracode, Acunetix, Kali Linux, and Android Studio (AVD) are preferred. A good understanding of Windows, Linux, Active Directory, and networking protocols is also necessary.,