About the position
The Analyst role will be part of the Penetration Testing team within Global Cyber Security and will work with the Director of Penetration Testing. We are looking for an emerging professional who has experience with web and network penetration testing. The ideal candidate will have developed skills in ethical hacking techniques and will be familiar with examining network, endpoint, cloud, and application security attack surfaces and vulnerabilities. We value superb communication skills, a passion for learning, leadership traits, resilience, and self-awareness. Analysts need to grasp the different steps involved in a cyber-attack, like reconnaissance, privilege escalation, persistence, and defense evasion. This role is perfect for those embarking on their career in offensive security, offering a unique opportunity to grow and make a significant impact on one of the world’s most recognizable brands.
Responsibilities
- Assist in the identification of vulnerabilities and exposures within enterprise networks, systems, and applications through guided offensive security engagements.
- Contribute to preparing technical documents, reports, and summaries from analyses to provide situational awareness to partners.
- Support the exploitation of embedded systems, web and mobile apps, cloud platforms, and office and restaurant networks.
- Regularly update management and partners on the progress of projects, ensuring timely and effective communication.
Requirements
- Exposure to penetration testing tools and techniques (e.g., nmap, Burp Suite, Impacket Suite, Bloodhound, situational awareness, etc.).
- Excellent written and verbal communication/presentation skills to describe assessment details and technical analysis.
- Proficiency in leading multiple concurrent workstreams and competing priorities.
- Experience with technical writing and demonstrating various creative communication mechanisms to diverse audiences.
- Understand the purpose and utilization of frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
Nice-to-haves
- Bachelor's degree or equivalent experience in offensive/defensive cybersecurity roles.
- Professional credentials such as OSCP, OSCE, OSEP, OSWE, GWAPT, GPEN, GXPN, GRTP, CRTO, PNPT, or comparable credentials.
- Knowledge of networking and web protocols (e.g., TCP/UDP, SSL/TLS, Wi-Fi protocols, routing, HTTP/S, REST/SOAP APIs, etc.).
- Knowledge of Windows/Active Directory/Linux systems administration and attack surface.
- Proficiency with programming and scripting (Python, Powershell, Go, C, C++, C#, Javascript, etc.).
- Proficient in applying commercial and open-source offensive security tools like C2, BAS, and EASM.
- Exposure to leading/using enterprise defensive security services such as EDR, SIEM, Email Gateway, and SOAR.
Benefits
- Health and welfare benefits
- 401(k) plan
- Adoption assistance program
- Educational assistance program
- Flexible ways of working
- Time off policies (including sick leave, parental leave, and vacation/PTO)
- Bonus eligibility based on individual and company performance
A Smarter and Faster Way to Build Your Resume