Information Security Analyst

Astra Security is seeking an Information Security Analyst - I to join our remote team. In this role, you will be responsible for performing comprehensive vulnerability assessments and penetration tests across a variety of assets, including web applications, mobile applications, cloud infrastructure, SaaS applications, network devices, and open-source projects. You will also play a key role in developing and testing rule sets for our DAST scanner. A significant part of this position involves client interaction, including conducting remediation calls and guiding clients through the process of fixing identified vulnerabilities. Maintaining our vulnerability management system will also be a core responsibility.

Requirements:

• Possess CEH, OSCP, or CREST certification.
• 1-2 years of experience in conducting penetration tests on diverse assets such as web applications and cloud infrastructure.
• Proficiency in both Black Box and White Box testing methodologies, with a demonstrated ability to discover business logic vulnerabilities.
• Proven experience in direct client interaction via calls and emails.
• Ability to read and understand code in at least one programming language.

Good to have:

• A track record of published CVEs.
• Experience in bug bounty programs or Capture The Flag (CTF) competitions.

Benefits:

• Embrace a flexible, remote work environment.
• Experience the dynamic pace of a growing startup.
• Your contributions will be recognized by a wide audience.
• Enjoy an open, growth-oriented company culture.
• Immerse yourself in the exciting field of cybersecurity.
• Participate in memorable workations in unique locations.