Senior Product Security Analyst

We are looking for an Sr Product Security Analyst, with a focus on Penetration testing and Python coding. In this role you will work in a team to identify, risk rate, communicate and track product vulnerabilities and be a part of the Cyber Security Lab team.

Roles and Responsibilities

In this role, you will:

• Be able to scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment.
• Engage in application and domain-specific threat modeling and attack surface analysis/reduction
• Engage in incident response methods lead incident response processes related to product cybersecurity
• Create and track meaningful metrics around product cyber risk and compensating controls
• Perform Security Code Reviews, Vulnerability Analysis and research on application code
• Create vulnerability and incident trend analysis to improve product design
• Maintain cyber Bills of Material and conduct proactive vulnerability monitoring and assessment on cyber components
• Engage and administer End Of Life processes for digital products
• Promote best practices based on OWASP, SANS Top 25.
• Write fuzz scenarios to see the break network protocol suites such as TCP/IP, IPv6, UDP, TLS, DTLS
• Ability to automate attack scenarios to avoid repetitive work.
• Consult, architect on security requirements and utilize best practices to meet them.
• Help prepare reports at appropriate levels of confidentiality for stakeholders to view
• Respond promptly and in detail to customer-sponsored penetration tests
• Provide guidance on automated testing tools and techniques

Required Skills

• Professional expertise with Kali Linux, Metasploit, Meterpreter.
• Hands-on experience in Windows/Linux and network security.
• Execute Scans using tools such as Nessus, Burp, Fortify/Coverity, Splunk etc.

Education Qualification

• Bachelor's Degree in Computer Science or STEM Majors (Science, Technology, Engineering and Math) with a minimum of 5+ years of experience in systems security, product / OT security and application security

Technical Expertise

• Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance
• Experience with secure coding principles; code signing; secure boot
• Experience with penetration testing and ethical hacking
• Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
• Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)
• Experienced in developing web services (SOAP/REST)
• Must be available for on call for potential security response
• Knowledge of application risk identification and evaluation techniques
• Knowledge of Cyber Security and full knowledge of multiple related engineering functions
• Experience securing applications within cloud platforms such as AWS, Azure and alike.
• Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment