Cyber security Analyst

Job Details

Key Responsibilities
• Perform manual security testing of web applications and APIs hosted in cloud and on-premises infrastructure.
• Perform manual security testing of thick client / desktop apps using reverse-engineering techniques with tools like Echo Mirage, IDA Pro, CFF Explorer, dnSpy, Microsoft Sysinternals, Wireshark, dotPeek, and Ghidra.
• Perform manual security testing of mobile applications built for the Android and iOS platforms using tools like Genymotion, Drozer, MobSF, and Android Studio.
• Install, configure, use and maintain scanning and testing tools used for testing web apps, APIs, thick client apps and mobile apps.
• Knowledge/Experience of working with Burp Suite.
• Manually verify security vulnerabilities identified by automated tools.
• Should have an understanding of assessing the severity of vulnerabilities identified during testing based on the CVSS scoring mechanism.
• Meet with the application team to collect information and determine the scope of testing.
• Provide status and resolve issues that impact testing as required.
• Document identified security vulnerabilities and related matters in a clear, concise and timely manner.
• Meet with the application teams to review, describe and explain identified security vulnerabilities and possible remediation.
• Retest application updates or deployed remediation logic to verify resolution of security vulnerabilities.

Qualifications:
• 6-7 years of experience in web application and web API penetration testing, thick client testing, and mobile application testing, ideally in the finance domain.
• Experience in conducting security assessments of AWS components (such as S3 buckets, EC2 instances, Lambda functions, SNS, etc.) being used by the cloud-hosted applications.
• Experience using Burp Suite & OWASP ZAP & other tools required to conduct security testing of Thick client apps and mobile apps.
• Sound knowledge of common web application security vulnerabilities (OWASP Top Ten, SANS Top 25, etc.) and programming patterns that lead to them, as well as remediation techniques.
• Working knowledge of authentication and identity management technologies.
• Strong interpersonal and communication skills; ability to work in a team environment
• Ability to work independently with minimal direction; self-starter/self-motivated

Additional Information:
Plus/Good to Have
• Professionally recognized certifications in a security-related field like CEH.
• Sound Knowledge of Network Protocols.
• Advanced programming abilities in Python (Strongly Preferred) or similar programming language
• Experience in Static Application Security Testing (SAST)
• Experience with threat modeling, security design reviews, and security architecture is a plus.
• Experience with enterprise applications (architecture, development, support, and troubleshooting)
