CloudSEK - Senior Security Analyst - Penetration Testing

About the Job :

We are seeking a highly skilled and experienced Security Engineer to join our team, focusing on offensive security, exploitation, and automation.

The ideal candidate will possess expertise in advanced Red Teaming methodologies, deep knowledge of web application and API penetration testing, and proficiency in scripting, security automation, and vulnerability exploitation techniques.

You will be responsible for validating real-world risk and providing expert technical advisory to clients.

Key Responsibilities :

• Lead Advanced Penetration Testing : Plan and execute comprehensive offensive security engagements, including Red Team operations, web application, API, mobile application, and cloud environment penetration tests.
• Exploitation and Validation : Proactively identify, exploit, and validate critical vulnerabilities (including 0-days) across diverse client environments to demonstrate real-world impact and risk.
• Automation & Tool Development : Design, develop, and implement custom scripts and security tools (e.g. , in Python, Go) to automate offensive processes, continuous security assessments, and improve the team's efficiency and capabilities.
• Vulnerability Mitigation Advisory : Translate complex technical findings into clear, actionable reports and provide expert, technical guidance to engineering teams on effective mitigation strategies and security best practices.
• Advanced Threat Research : Conduct deep technical research on emerging exploit techniques, zero-day vulnerabilities, and attacker Tactics, Techniques, and Procedures (TTPs) to enhance internal capabilities and methodologies.
• Client-Facing Proof of Concept (POC) : Conduct professional and technical POC calls with clients, clearly articulating complex exploitation scenarios, demonstrating technical risk, and discussing the corresponding business impact.
• Cross-Functional Collaboration : Partner with internal R&D and Product Management teams, utilizing penetration testing insights to drive significant security feature enhancements and improvements in our product offerings.
• Knowledge Leadership : Contribute to and lead the creation of sophisticated internal knowledge base articles, runbooks, and SOPs focused on advanced exploitation and testing Experience : Minimum of 2+ years of progressive, hands-on experience in offensive security, specifically Red Teaming and advanced penetration testing.
• Proven track record of successful vulnerability exploitation and bypass of security controls.
• Technical Expertise : Expert proficiency in at least one relevant scripting language (e.g. , Python, Go, PowerShell) and deep, hands-on experience with industry-standard security tools (e.g. , Burp Suite Pro, Metasploit, Nmap, specific cloud security tools).
• Offensive Certifications (Preferred) : Advanced offensive security certifications such as OSCP etc or equivalent.
• Domain Knowledge : Strong understanding of current threat intelligence, dark web monitoring trends, and how they inform offensive testing methodologies.
• Cloud / Mobile Exploitation : Demonstrated experience identifying and exploiting vulnerabilities in major cloud providers (AWS, Azure, GCP) and mobile platforms (iOS / Android).
• Advanced Problem-Solving : Exceptional analytical and structured problem-solving skills focused on bypassing complex security defenses and troubleshooting non-standard technical issues.
• Communication & Presentation : Strong communication, documentation, and interpersonal skills, with the ability to translate technical risks (exploitation paths) into clear, compelling reports and presentations for both technical teams and senior client stakeholders.
• Commitment to Operational Excellence : Willingness to provide support for critical operational schedules, potentially including rotating shifts, to ensure continuous, high-quality assessment coverage

(ref : hirist.tech)