Senior Security Analyst

Key Responsibilities
Conduct comprehensive cloud security assessments across AWS, Azure, and GCP environments Perform thorough secure code reviews using automated tools and manual analysis Execute penetration tests along the areas of web application, mobile application, API and thick client security assessments Develop and maintain custom security rules and detection mechanisms Develop detailed security assessment reports to present to the customers consisting of the project’s outcomes, pentest activity findings Utilise strobes Ptaas platform and leverage it for efficient executions of projects across web, mobile, API and networks Contribute to the security culture of the team with great findings, research on active trends and collaborate with team members Provide technical guidance to clients for vulnerability remediation and address client challenges from a project delivery and technical perspective

Project Management Skills
Drive security assessment projects independently from start to finish with minimal guidance. Ensure consistent quality and timely delivery of security assessments to the clients. Communicate electively with clients about security findings and remediation strategies. Document and present technical findings to both technical and non-technical stakeholders. Ensure to adapt usage of Strobes pTaas platform across the projects worked upon with efficiency.

Technical Skills & Experience

Technical Skills
Strong expertise in web, mobile, API and thick client penetration testing. Possesses strong hands-on knowledge on security tools like drozer, frida, objection, DNSChef, BurpSuite, Zap proxy, Nmap, Nessus. Strong expertise in red teaming projects from internal and external point of view. Versed with MITRE Attack, OWASP, NIST frameworks. Strong expertise in cloud security architecture and best practices across major cloud providers (AWS, Azure, GCP). Proficiency with cloud security assessment tools such as Prowler and CloudMapper. Experience with secure code review methodologies and tools like Semgrep , sonarqube. Ability to develop custom security rules and detection mechanisms. Hands-on experience with security tools like Burp Suite, Nessus, Nuclei, Metasploit. Understanding of common web, network vulnerabilities and their attack vectors.

Knowledge & Standards
Deep understanding of OWASP Top 10, MITRE and OWASP ASVS frameworks. Familiarity with NIST frameworks and security guidelines. Knowledge of industry compliance requirements and security standards. Understanding of secure development practices and DevSecOps principles.

Professional Skills
Strong analytical and problem-solving abilities. Excellent writing and verbal communication skills. Ability to work independently and manage multiple projects. Detail-oriented with a focus on quality deliverables. Strong documentation and technical writing skills.

Relevant Security Certifications
OSCP, CEH, AWS/Azure/GCP Security certifications) preferred 3+ years of experience in application security, penetration testing, or related field. Location- Remote