Security Analyst- Pen Testing

SYSLOGIC INC, Brookfield, WI

Job Description

The Security Analyst- Pen Testing plays a critical role in facilitating continued growth and execution within our security practice. This highly skilled and detail-oriented Consultant will have deep knowledge in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Hardware Penetration Testing. The ideal candidate will be responsible for identifying vulnerabilities across software and hardware systems, advising on remediation strategies, and communicating findings clearly to both technical and non-technical stakeholders.

Primary Responsibilities:

  • Conduct in-depth SAST, DAST, and SCA assessments across a variety of application types (web, mobile, desktop, APIs).
  • Perform hardware penetration testing on embedded systems, IoT devices, and industrial control systems (ICS), including debug interface discovery, firmware extraction and analysis, and secure boot review.
  • Develop and maintain threat models, attack trees, and risk assessments for both software and hardware systems.
  • Identify and exploit vulnerabilities using both manual techniques and automated tools, simulating real-world attack scenarios.
  • Provide detailed technical reports and executive summaries tailored to different audiences, including developers, engineers, and leadership.
  • Collaborate with product and engineering teams to prioritize and remediate vulnerabilities, offering secure design and coding recommendations.
  • Participate in security architecture reviews and code reviews to identify potential weaknesses early in the development lifecycle.
  • Assist in the development and implementation of security testing methodologies, checklists, and standard operating procedures.
  • Conduct security tool evaluations and help integrate them into CI/CD pipelines for continuous security testing.
  • Lead or support red team/blue team exercises, tabletop simulations, and incident response drills.
  • Stay abreast of the latest security trends, vulnerabilities, and threat actor tactics, techniques, and procedures (TTPs).
  • Contribute to internal knowledge bases, training sessions, and technical workshops to upskill team members and clients.
  • Engage with clients to understand their security needs, define testing scopes, and deliver high-quality consulting services.
  • Ensure all testing activities comply with legal, ethical, and organizational guidelines, including responsible disclosure practices.
  • Develop and present organized report findings to technical audiences.
