Security Analyst

Category: IT Services

Location:

• Perform manual-first penetration testing across web, API, and mobile (iOS/Android) applications
• Identify and exploit vulnerabilities including business logic flaws, authentication issues, and attack chains (e.g., IDOR)
• Conduct infrastructure testing (internal/external networks, Active Directory, perimeter systems)
• Perform cloud security assessments (AWS, Azure)
• Apply threat-led and adversary simulation techniques where relevant
• Develop scripts and tools to improve testing efficiency and quality
• Own end-to-end delivery of engagements (planning, execution, reporting, and close-out)
• Produce clear, structured reports with risk ratings and actionable remediation guidance
• Present findings to both technical and non-technical stakeholders
• Collaborate with internal teams and support pre-sales activities when needed
• Contribute to internal knowledge sharing, playbooks, and mentoring junior team members

Requirements

• 2+ years of hands-on experience in penetration testing (Mid to Senior level: 2–6+ years preferred)
• Strong understanding of OWASP Top 10, ASVS, and API Security Top 10
• Experience with manual testing techniques, including vulnerability chaining and exploitation
• Proficiency with tools such as Burp Suite, Nmap, Kali Linux, and scripting (Python or PowerShell)
• Experience in web, API, and at least one of the following: mobile, infrastructure, or cloud testing
• Strong analytical and problem-solving skills
• Excellent written and verbal communication in English
• Ability to clearly communicate technical risks and remediation steps
• Strong attention to detail and structured documentation skills
• Ability to work independently and as part of a team

Details

Originally posted on Himalayas