Senior Offensive Security Analyst

We are hiring Senior Offensive Security Analyst in our Pune, India office. Qualified candidates will be responsible for conducting advanced penetration tests and security assessments across cloud and on-premises environments. This role requires strategic and out-of-box thinking, high technical expertise, and effective communication skills to proactively identify and address security risks.

What You'll Do:

• Typical daily work will consist of performing advanced penetration tests on cloud-based and on-premises infra to identify security weaknesses and loopholes.
• Perform Red teaming / Adversary emulations to simulate sophisticated cyberattacks and assess the effectiveness of existing security controls.
• Conduct Purple team exercises in collaboration with Sec-Ops to assess the effectiveness of defensive measures and incident response capabilities through realistic attack simulation.
• Develop and test custom exploits to demonstrate vulnerabilities and assess the potential impact on systems.
• Execute social engineering attacks, such as phishing or vishing, to evaluate the organization's susceptibility to human-centric threats.
• Perform Breach and Attack Simulations using BAS platform across the organization infrastructure.
• Conduct comprehensive cloud penetration tests targeting AWS, Azure, GCP to identify and exploit misconfigurations, insecure interfaces, and vulnerabilities in cloud services and applications.
• Assess and exploit weak IAM configurations, privilege escalation paths, and over-permissioned roles to identify security risks within cloud environments.
• Collaborate with incident response team to provide insights and support during and after security incidents.
• Regularly review and enhance penetration testing methodologies and practices to adapt to evolving threats and technologies.
• Create detailed reports outlining findings from penetration tests, red team exercises, and vulnerability assessments that include clear, actionable recommendations for remediation and risk mitigation

What You'll Bring:

• Proficiency in conducting penetration tests on internal networks, web applications, and systems to identify vulnerabilities and potential attack vectors.
• Ability to simulate sophisticated adversary tactics, techniques, and procedures (TTPs) to mimic real-world cyber-attacks, including social engineering, spear-phishing, and advanced malware deployment.
• Expertise in techniques for lateral movement within a compromised network, including pass-the-hash, RDP hijacking, and privilege escalation. Ability to establish persistence using tools like Cobalt Strike, Empire, or custom scripts.
• Skills in developing and deploying custom malware or payloads to evade traditional security controls like antivirus and endpoint detection and response (EDR) tools.
• Experience with offensive security tools such as Metasploit, Burp Suite, Nmap, Cobalt Strike, Wireshark, and Kali Linux for conducting vulnerability assessments and penetration testing.
• Ability to design and execute social engineering and phishing attacks to assess organizational awareness and vulnerability to human factor exploits.
• Familiarity with common reconnaissance, exploitation, and post exploitation techniques.
• Proficiency in testing web applications for vulnerabilities such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and other application-level attacks.
• Strong Collaboration, Communication and Interpersonal skills with the ability to collaborate effectively with cross-functional teams, communicate complex technical concepts to non-technical stakeholders, and build consensus around security initiatives.

• Solid understanding of emerging threats, vulnerabilities, and exploits and an ability to think outside the box and emulate adversarial approaches.

• In-depth knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools.
• Expertise in discovering and exploiting common cloud misconfigurations, including insecure storage buckets, overly permissive IAM roles, and weak security group rules.
• Ability to design cloud-specific threat models and conduct red teaming exercises that simulate advanced attacks on cloud environments to evaluate organizational defenses.
• Bachelor's in computer science/management of computer information/information assurance or Cybersecurity
• 3+ years of Penetration Testing / Red-Teaming / Offensive Security
• Must have Security Certifications: OSCP / GPEN
• Preferred Security Certifications: CPTS,CRTP/CARTP, CRTE, CRTO (I & II), OSEP, OSED, GRTP
• Preferred Security Cloud Certifications: AWS Security Specialty
• Excellent independent (self-motivational, organizational, personal project management) skills
• High Expertise in performing offensive security assessments and penetration testing in cloud environments, identifying vulnerabilities, misconfigurations, and exploitation vectors unique to cloud infrastructures.
• Good to have knowledge of DevSecOps practices and experience in assessing and securing Infrastructure as Code (IaC) tools and templates (e.g., Terraform, CloudFormation) to prevent vulnerabilities in cloud deployments.
• Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System used for scoring vulnerabilities.
• Experience on Breach and Attack Simulation (BAS) Tools like Cymulate, Pentera, Safebreach etc is a plus.
• Fluency in English
• Client-first mentality
• Intense work ethic
• Collaborative spirit and problem-solving approach