Job Details :
Experience : 5 Years
Work Location : Chennai
Work Mode : Hybrid
Roles and Responsibilities :
5–7 years of hands-on experience in VAPT, preferably in both application and infrastructure testing.
Perform manual verification and risk assessment of identified vulnerabilities.
Track and validate remediation efforts in collaboration with IT and application teams.
Execute black-box, grey-box, and white-box penetration tests on web applications, APIs, internal systems, external networks, and mobile apps.
Exploit vulnerabilities in controlled environments to assess real-world risks.
Simulate advanced threat actor behaviours and pivot through environments for lateral movement analysis.
Review application architecture and code (static / dynamic analysis) for security issues.
Work with DevOps and engineering teams to ensure secure SDLC practices are followed.
Conduct threat modelling and provide recommendations during design and development phases.
Prepare detailed reports with evidence of vulnerabilities, risk ratings, exploit techniques, and remediation guidance.
Present findings to both technical and non-technical stakeholders.
Maintain documentation of test plans, procedures, and assessment tools.
Solid knowledge of OWASP Top 10, SANS 25, and CVSS scoring.
Burp Suite, Metasploit, Nmap, Wireshark, Nikto, Hydra, and SQLmap; SAST / DAST platforms like Fortify or Veracode.
Proficiency in scripting (Python, Bash, or PowerShell) to build or extend tools.
Strong understanding of TCP / IP, firewalls, IDS / IPS, and network protocols.
Familiarity with cloud security (AWS, Azure, or GCP).
Security Analyst • India