About the Role

Are you passionate about being the first line of defense in cybersecurity, blending deep penetration testing expertise with a commitment to secure software development? Join our forward-thinking cybersecurity team as a Senior Security Analyst. You will be instrumental in executing both manual and automated penetration tests, collaborating closely with development teams, and embedding essential security best practices throughout the organization.

Key Responsibilities

• Perform hands-on penetration testing of applications, infrastructure, and cloud deployments, with a strong understanding of SASE solutions to ensure early vulnerability detection.
• Simulate advanced cyber threats through red team exercises, clearly and constructively communicating findings.
• Collaborate directly with developers and DevOps engineers to integrate security into every deployment (DevSecOps), automating and monitoring secure coding practices within the Software Development Lifecycle (SDLC).
• Manage the end-to-end vulnerability lifecycle, from identification through remediation, utilizing tools such as Qualys, Tenable, and SAST solutions like Veracode and Snyk.
• Analyze and responsibly disclose security risks, providing prioritized and actionable recommendations for development, IT, and leadership teams.
• Drive continuous improvement by staying current with security trends and implementing enhancements to protection strategies and tooling.
• Support and mentor team members, fostering a culture of knowledge sharing and proactive security.
• Facilitate security-focused communication between business, IT, and engineering teams.

Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• A minimum of 3 years of experience in penetration testing, with significant knowledge of vulnerability management and DevSecOps principles.
• Expertise in penetration testing tools and frameworks (e.g., Burp Suite, NMAP, RASP, Kali Linux, OWASP Top Ten, CVSS Scoring, MITRE ATT&CK).
• Proven experience in operationalizing vulnerability management platforms and SAST tools within CI/CD workflows.
• A solid understanding of Linux, Windows, networking, and major cloud platforms (AWS, Azure, GCP).
• Strong communication skills, with the ability to effectively interact with both technical and business stakeholders.
• Relevant certifications such as OSCP, CEH, PNPT, or CPPT are highly advantageous.