CISSP, GIAC or other security certifications preferred.
Job Title :: IT Security analyst
Client :: Network Product based
Location :: Santa Clara, CA (Onsite)
Mode of Interview :: Pre-screening & 2 rounds of interview with client
Job requirements
IT Security Analyst
Responsibilities:
Must-Have:
Develop and execute custom penetration testing methodologies and tools to
simulate real-world attacks.
Expertise in manual penetration testing techniques and the use of advanced
offensive security tools (Burp Suite, Cobalt Strike, Metasploit, etc.).
Utilize commercial security tools such as Checkmarx, Invicti, and Synopsys for
static and dynamic analysis.
Familiarity with security frameworks and approaches such as SAST, DAST,
fuzzing, property-based testing, symbolic execution, and network simulation.
Perform comprehensive security assessments of RESTful and other API
architectures.
Demonstrated ability to modify, develop, or chain custom exploits and tooling
(C2, loaders) to bypass modern EDR/XDR controls.
Demonstrated ability to identify and exploit vulnerabilities in API authentication
and authorization mechanisms.
Perform security testing for distributed systems and microservices.
Expert knowledge of hacking authentication methods such as OAuth, SAML, and
JWT.
Knowledge of macOS and Windows Active Directory systems and their security
implications.
Deep understanding of Linux operating systems and their security implications.
Ability to analyze and understand complex software architectures and
codebases.
Work closely with software engineers to provide security guidance and
recommendations.
Conduct in-depth penetration testing of cloud environments (AWS, Azure, Google Cloud Platform),
focusing on identifying complex vulnerabilities and security misconfigurations.
Perform penetration testing of containerized applications (Docker, Kubernetes)
and serverless architectures. Experience in breaking out of containers and
exploiting K8s cluster misconfigurations.
Basic knowledge of Python or Go programming languages for scripting and tool
development.
Collaborate effectively with cross-functional teams, including software engineers,
cloud architects, and security professionals.
Communicate security findings and recommendations clearly and concisely to
both technical and non-technical audiences.
Stay up-to-date on the latest cloud security threats, vulnerabilities, and attack
techniques.
Conduct security research and develop new penetration testing methodologies.
Have experience in threat modelling, red/blue teaming, working with best-in-class
independent engineering teams.
Nice-to-Have:
Administer and optimize Cloud Security Posture Management (CSPM) and SaaS
Security Posture Management (SSPM) tools.
Configure and maintain cloud security tools and platforms to ensure continuous
monitoring and threat detection.
Work with Infrastructure as Code tools such as Terraform and CloudFormation to
ensure secure cloud deployments.
Configure, deploy, and maintain Web Application Firewalls (WAF) in production
and development environments.
Qualifications:
BA or BSc. in Computer Science, Information Security, or a related field.
4+ years of experience in penetration testing, with a strong focus on cloud security.
Expert-level knowledge of cloud platforms (AWS, Azure, Google Cloud Platform) and their security
services.
Proven experience in API security testing and authentication hacking.
Strong understanding of Linux, macOS and Windows Active Directory operating systems
and software development practices.
Proficiency in using penetration testing tools and frameworks, including commercial tools
like Checkmarx, Invicti, and Synopsys.
Excellent communication and collaboration skills.
Deep understanding of the MITRE ATT&CK framework.
Experience working in a software development environment.
Nice-to-Have:
Relevant security certifications (e.g., OSCP, OSCE, GPEN, GWAPT).
Experience with CSPM and SSPM tools.