Security Analyst

This is a remote position.

• Perform manual-first penetration testing across web, API, and mobile (iOS/Android) applications
  
• Identify and exploit vulnerabilities including business logic flaws, authentication issues, and attack chains (e.g., IDOR)
  
• Conduct infrastructure testing (internal/external networks, Active Directory, perimeter systems)
  
• Perform cloud security assessments (AWS, Azure)
  
• Apply threat-led and adversary simulation techniques where relevant
  
• Develop scripts and tools to improve testing efficiency and quality
  
• Own end-to-end delivery of engagements (planning, execution, reporting, and close-out)
  
• Produce clear, structured reports with risk ratings and actionable remediation guidance
  
• Present findings to both technical and non-technical stakeholders
  
• Collaborate with internal teams and support pre-sales activities when needed
  
• Contribute to internal knowledge sharing, playbooks, and mentoring junior team members
  

Requirements

• 2+ years of hands-on experience in penetration testing (Mid to Senior level: 2–6+ years preferred)
  
• Strong understanding of OWASP Top 10, ASVS, and API Security Top 10
  
• Experience with manual testing techniques, including vulnerability chaining and exploitation
  
• Proficiency with tools such as Burp Suite, Nmap, Kali Linux, and scripting (Python or PowerShell)
  
• Experience in web, API, and at least one of the following: mobile, infrastructure, or cloud testing
  
• Strong analytical and problem-solving skills
  
• Excellent written and verbal communication in English
  
• Ability to clearly communicate technical risks and remediation steps
  
• Strong attention to detail and structured documentation skills
  
• Ability to work independently and as part of a team