Security Analyst

• Execute long term offensive security engagements and identify security gaps within the infrastructure and services.
• Perform Recon, Weaponization, Payload Delivery and C&C techniques.
• Integration, Modification and Automation of Security tools by means of scripting and use of AI.
• Research the TTPs of various threat actors and create payloads that can emulate those threat actors.
• Utilizing Threat intelligence to aid red team campaigns.
• Execute Windows and Unix lateral movement and foothold techniques.
• Windows AD environment and exploitation techniques.
• Exploiting Web, Mobile applications.
• Performing security code reviews.
• Performing software reverse engineering and malware analysis
• Train employees on how to avoid falling prey to social engineering tactics and execute social engineering engagements
• Analyse digital forensics and be a part of incident response during a security incident
• Review security groups, VPC configurations, etc. to strengthen the cloud infrastructure setup
• Participate in tabletop exercises as a part of purple teaming initiative
• Presenting the findings to senior management and executives.
• Remediate the identified security gaps by writing code, writing rules for IDS system, etc.
  

KEY COMPETENCIES

• Sound Technical skills
• Leadership
• Quick decision-making capabilities.
• Good to assist with remediation strategies for the security findings.
• Persistence and follow through on tasks
• Demonstrates ability to follow through on multiple tasks or issues.
• Assumes responsibility and accountability for successfully completing assignments.
• Identify obstacles and overcome barriers under guidance.
• Flexible and adaptable to taking on new responsibilities and learning new technology.
• Team player who possesses excellent interpersonal skills and communication abilities, with a high degree of self-confidence.
  

REQUIRED EXPERIENCE

• 3+ years’ experience in offensive security testing.
• Understanding of OWASP Top 10, MITRE attack Frameworks and Cyber Kill Chain.
• AV /EDR bypass is a desirable skill.
• Vulnerability Management.
• Understanding of coding skills in .Net, C, C++, Java, Web technologies and UI scripts (JS, typescript, web assembly, etc.)
• 2+ years of scripting skills using Go, Python, Perl, etc.
• Understanding of AI in offensive security.
• 1-2 years’ experience of writing / modifying exploit codes.
• 2-3 years’ experience with commercial and open-source network/web vulnerability scanners.
• Extensive experience on Red Team Campaigns and Red Team Tools.
• Extensive experience using tools such Metasploit, C2, DNSCAT2, Caldera, Clockify etc.
• Familiarity with various network architectures, network services, system types, network devices, development platforms, software suites & tools like Wireshark.
• Experience in Code review, Malware Analysis, Reverse Engineering.
• Fundamental understanding of computer networks and WiFi technology.
• Solid understanding of cloud computing.
  

QUALIFICATIONS: -

• Master’s/Bachelor’s degree in Computer Science or years of related experience+.
• OSCP, CRTO, CRTP, PenTest+, PNPT, Red Teams Ops, etc.