IT Security Analyst

Conduct in-depth penetration testing of cloud environments (AWS, Azure, GCP), focusing on identifying complex vulnerabilities and security misconfigurations.Perform penetration testing of containerized applications (Docker, Kubernetes) and serverless architectures.Develop and execute custom penetration testing methodologies and tools to simulate real-world attacks.Expertise in manual penetration testing techniques and the use of advanced offensive security tools (Burp Suite, Cobalt Strike, Metasploit, etc.).Utilize commercial security tools such as Checkmarx, Invicti, and Synopsys for static and dynamic analysis.Familiarity with security frameworks and approaches such as SAST, DAST, fuzzing, property-based testing, symbolic execution, and network simulation.Perform comprehensive security assessments of RESTful and other API architectures.Demonstrated ability to identify and exploit vulnerabilities in API authentication and authorization mechanisms.Perform security testing for distributed systems and microservices.Expert knowledge of hacking authentication methods such as OAuth, SAML, and JWT.Knowledge of macOS and Windows Active Directory systems and their security implications.Deep understanding of Linux operating systems and their security implications.Ability to analyze and understand complex software architectures and codebases.Work closely with software engineers to provide security guidance and recommendations.Basic knowledge of Python or Go programming languages for scripting and tool development.Collaborate effectively with cross-functional teams, including software engineers, cloud architects, and security professionals.Communicate security findings and recommendations clearly and concisely to both technical and non-technical audiences.Stay up-to-date on the latest cloud security threats, vulnerabilities, and attack techniques.Conduct security research and develop new penetration testing methodologies.Have experience in threat modelling, red/blue teaming, working with best-in-class independent engineering teams.Nice-to-Have:Administer and optimize Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) tools.Configure and maintain cloud security tools and platforms to ensure continuous monitoring and threat detection.Work with Infrastructure as Code tools such as Terraform and CloudFormation to ensure secure cloud deployments.Configure, deploy, and maintain Web Application Firewalls (WAF) in production and development environments.