drjobs Senior Offensive Security Analyst

Senior Offensive Security Analyst

Employer Active

1 Vacancy
drjobs

Job Alert

You will be updated with latest job alerts via email
Valid email field required
Send jobs
Send me jobs like this
drjobs

Job Alert

You will be updated with latest job alerts via email

Valid email field required
Send jobs
Job Location drjobs

Pune - India

Monthly Salary drjobs

Not Disclosed

drjobs

Salary Not Disclosed

Vacancy

1 Vacancy

Job Description

ESSENTIAL JOB FUNCTIONS:

  • Typical daily work will consist of performing advanced penetration tests on cloudbased and onpremises infra to identify security weaknesses and loopholes.
  • Perform Red teaming / Adversary emulations to simulate sophisticated cyberattacks and assess the effectiveness of existing security controls.
  • Conduct Purple team exercises in collaboration with SecOps to assess the effectiveness of defensive measures and incident response capabilities through realistic attack simulation.
  • Develop and test custom exploits to demonstrate vulnerabilities and assess the potential impact on systems.
  • Execute social engineering attacks such as phishing or vishing to evaluate the organizations susceptibility to humancentric threats.
  • Perform Breach and Attack Simulations using BAS platform across the organization infrastructure.
  • Conduct comprehensive cloud penetration tests targeting AWS Azure GCP to identify and exploit misconfigurations insecure interfaces and vulnerabilities in cloud services and applications.
  • Assess and exploit weak IAM configurations privilege escalation paths and overpermissioned roles to identify security risks within cloud environments.
  • Collaborate with incident response team to provide insights and support during and after security incidents.
  • Regularly review and enhance penetration testing methodologies and practices to adapt to evolving threats and technologies.
  • Create detailed reports outlining findings from penetration tests red team exercises and vulnerability assessments that include clear actionable recommendations for remediation and risk mitigation.

MUST HAVE KNOWLEDGE SKILLS & ABILITIES:

  • Proficiency in conducting penetration tests on internal networks web applications and systems to identify vulnerabilities and potential attack vectors.
  • Ability to simulate sophisticated adversary tactics techniques and procedures (TTPs) to mimic realworld cyberattacks including social engineering spearphishing and advanced malware deployment.
  • Expertise in techniques for lateral movement within a compromised network including passthehash RDP hijacking and privilege escalation. Ability to establish persistence using tools like Cobalt Strike Empire or custom scripts.
  • Skills in developing and deploying custom malware or payloads to evade traditional security controls like antivirus and endpoint detection and response (EDR) tools.
  • Experience with offensive security tools such as Metasploit Burp Suite Nmap Cobalt Strike Wireshark and Kali Linux for conducting vulnerability assessments and penetration testing.
  • Ability to design and execute social engineering and phishing attacks to assess organizational awareness and vulnerability to human factor exploits.
  • Familiarity with common reconnaissance exploitation and post exploitation techniques.
  • Proficiency in testing web applications for vulnerabilities such as SQL injection crosssite scripting (XSS) crosssite request forgery (CSRF) and other applicationlevel attacks.
  • Strong Collaboration Communication and Interpersonal skills with the ability to collaborate effectively with crossfunctional teams communicate complex technical concepts to nontechnical stakeholders and build consensus around security initiatives.
  • Solid understanding of emerging threats vulnerabilities and exploits and an ability to think outside the box and emulate adversarial approaches.
  • Indepth knowledge of major cloud platforms (AWS Azure GCP) including their security models IAM roles virtual private cloud (VPC) configurations and cloudnative security tools.
  • Expertise in discovering and exploiting common cloud misconfigurations including insecure storage buckets overly permissive IAM roles and weak security group rules.
  • Ability to design cloudspecific threat models and conduct red teaming exercises that simulate advanced attacks on cloud environments to evaluate organizational defenses.

Employment Type

Full Time

Company Industry

Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.