Cyber Security Analyst II (DAST)

You will be responsible for conducting comprehensive security assessments, including manual penetration testing and automated Dynamic Application Security Testing (DAST), to identify network, application, and system vulnerabilities. You will exploit vulnerabilities to simulate real-world attack scenarios and assess potential business impact. Additionally, you will configure, run, and analyze DAST tools to identify and validate application vulnerabilities. Collaborating with development and DevSecOps teams to integrate security testing into CI/CD pipelines and secure SDLC processes will also be a key part of your role. You are expected to provide detailed reporting with actionable recommendations for remediation of identified vulnerabilities. - Conduct comprehensive security assessments including manual penetration testing and automated DAST - Exploit vulnerabilities to simulate real-world attack scenarios - Configure, run, and analyze DAST tools to identify and validate application vulnerabilities - Collaborate with development and DevSecOps teams to integrate security testing into CI/CD pipelines - Provide detailed reporting with actionable recommendations for remediation of identified vulnerabilities You must have proficiency with tools such as Metasploit, Burp Suite, OWASP ZAP, Nmap, and Wireshark, and experience with commercial DAST solutions like Qualys. A strong understanding of network security, web application security, API security, and the OWASP Top Ten is required. Familiarity with scripting languages for automation and testing is preferred. Staying updated on emerging threats, vulnerabilities, and attack methodologies is essential. Knowledge of secure coding practices and the ability to guide developers in remediating vulnerabilities is also necessary. Understanding of regulatory compliance standards (e.g., PCI DSS, GDPR) and application security best practices is expected. Relevant certifications such as OSCP, CEH, GPEN, GWAPT, or CSSLP are preferred. Building quantitative and qualitative risk metrics, as well as dashboarding in PowerBI and advanced PowerPoint skills, are desired. - Proficiency with tools such as Metasploit, Burp Suite, OWASP ZAP, Nmap, and Wireshark - Strong understanding of network security, web application security, API security, and the OWASP Top Ten - Familiarity with scripting languages for automation and testing - Knowledge of secure coding practices and ability to guide developers in remediating vulnerabilities - Understanding of regulatory compliance standards and application security best practices - Relevant certifications such as OSCP, CEH, GPEN, GWAPT, or CSSLP are preferred - Building quantitative and qualitative risk metrics, dashboarding in PowerBI, and advanced PowerPoint skills You should hold a Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field. A minimum of 3 years of experience in Cyber Security, VAPT, information security, or a related role is required. Professional certifications such as CISSP, CISM, CEH, or CompTIA Security are highly desirable. Excellent analytical and problem-solving skills, strong communication and interpersonal skills, and the ability to work independently and as part of a team in a fast-paced environment are also necessary. You will be responsible for conducting comprehensive security assessments, including manual penetration testing and automated Dynamic Application Security Testing (DAST), to identify network, application, and system vulnerabilities. You will exploit vulnerabilities to simulate real-world attack scenarios and assess potential business impact. Additionally, you will configure, run, and analyze DAST tools to identify and validate application vulnerabilities. Collaborating with development and DevSecOps teams to integrate security testing into CI/CD pipelines and secure SDLC processes will also be a key part of your role. You are expected to provide detailed reporting with actionable recommendations for remediation of identified vulnerabilities. - Conduct comprehensive security assessments including manual penetration testing and automated DAST - Exploit vulnerabilities to simulate real-world attack scenarios - Configure, run, and analyze DAST tools to identify and validate application vulnerabilities - Collaborate with development and DevSecOps teams to integrate security testing into CI/CD pipelines - Provide detailed reporting with actionable recommendations for remediation of identified vulnerabilities You must have proficiency with tools such as Metasploit, Burp Suite, OWASP ZAP, Nmap, and Wireshark, and experience with commercial DAST solutions like Qualys. A strong understanding of network security, web application security, API security, and the OWASP Top Ten is required. Familiarity with scripting languages for automation and testing is preferred. Staying updated on emerging threats, vulnerabilities, and attack methodologies is essential. Knowledge of sec