
Posted: 11 hours ago | Platform: LinkedIn


Work Mode

On-site

Job Type

Full Time

Job Description

Job Summary

A Security Analyst specializing in Vulnerability Assessment and Penetration Testing (VAPT) is responsible for evaluating and testing an organization’s digital assets for vulnerabilities. This role is responsible for managing the organization’s internal and external vulnerability management program, from scan to resolution of identified vulnerabilities.


Roles and Responsibilities:

  • Perform Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) to identify vulnerabilities in software applications & IT Assets.
  • Leverage threat modelling for applications to identify potential threats and suggest suitable mitigation strategies.
  • Manage the organization’s internal vulnerability management program: execution, coordination, reporting and mitigation of vulnerabilities with various stakeholders.
  • Work with an external vendor to plan and execute External VAPT on IT assets, software applications, software code and mobile apps. Provide technical leadership in setting up the SoW, and complete the External VAPT scan from start to closure of identified vulnerabilities.
  • Work closely with cross-functional teams, including IT and product development teams, to close security findings and vulnerabilities.
  • Develop and implement strategies to improve overall security posture.


Knowledge And Skills

  • Bachelor’s degree in computer science, Information Security, or a related field.
  • Proven experience in vulnerability assessment and penetration testing.
  • Good understanding of various Security standards like OWASP Top 10, OWASP Mobile Top 10, OWASP API Top 10, OWASP IoT Top 10, SANS Top 25, NIST.
  • Good understanding of vulnerability severity calculation methods like CVSS.
  • Any security certification related to VAPT, for example:
      • Certified Security Analyst (ECSA).
      • Licensed Penetration Tester (LPT).
      • Offensive Security Certified Professional (OSCP).
      • Offensive Security Certified Web Expert (OSWE).
      • GIAC Penetration Tester (GPEN).
  • Sound working experience with security scan products like Nessus, Burp Suite, OpenVAS.
  • Strong understanding of security principles, techniques, and technologies.
  • Knowledge of application design and coding practices.
  • Knowledge of any vulnerability management products like Qualys, Tenable, Rapid7.
  • High level of initiative and self-direction.
  • Excellent communicator in English, both written and spoken, able to convey information effectively at multiple levels of sensitivity and for various audiences.
