Sr. Security Analyst

Role Responsibilities:

• Supervise and lead security assessments, including static and dynamic application security testing
• Conduct manual penetration testing on web applications, network devices, and other systems
• Collaborate with our clients in a fast-paced environment across many technology stacks and services, including cloud platforms and development technologies
• Develop, enhance, and interpret security standards and guidance
• Demonstrate and promote security best practices, including secure development and cloud security
• Assist with the development of remediation recommendations for identified findings
• Identify and clearly articulate (written and verbal) findings to senior management and clients
• Help identify improvement opportunities for assigned clients
• Stay up-to-date with the latest security trends, technologies, and best practices
• Lead and foster teamwork and open communication to deliver successful outcomes
• Supervise, mentor, and manage the engagement of other staff working on assigned engagements

Qualifications and Experience:

• BS in Computer Science, Engineering, or related field or equivalent work experience
• Offensive Security Certified Professional (OSCP)
• Advanced expertise in web security, with comprehensive knowledge of vulnerabilities and effective exploitation techniques
• 5+ years of experience in code review, application security testing, or web application development
• Excellent written and verbal communication skills
• Proficient programming skills (e.g. Java, Python, Ruby, JavaScript)
• Experience with cloud platforms, such as AWS, and knowledge of cloud security best practices
• Familiarity with development technologies like Docker, CDK, Terraform, Java, Python, React, GraphQL, JSON, REST, etc.
• Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices
• Technical background in application development, networking/system administration, security testing, or related fields
• Experience with both static application security testing (SAST) and dynamic application security testing (DAST) using various tools and techniques
• Preferred, but not required – one or more relevant certifications such as Offensive Security Web Assessor (OSWA), Offensive Security Web Expert (OSWE), , Burp Suite Certified Practitioner, or AWS Certified Security Specialist.