Sr Security Analyst – Enterprise Vulnerability Management
Location: Bangalore
Position Type: Full-time
Experience Level: Minimum 4-5 years
Job Description:
Do you see yourself as the first line of defense, combining deep penetration testing expertise
with a passion for secure software development? Join our progressive cybersecurity team as a
Sr Security Analyst. You'll play a critical role executing both manual and automated penetration
tests, partnering with development groups, and embedding security best practices
organization-wide.
Key Responsibilities:
Conduct hands-on penetration testing of applications, infrastructure, and cloud
deployments, with a good understanding of SASE solutions, ensuring early detection of
vulnerabilities.
Simulate advanced cyber threats through red team exercises and communicate results
clearly and constructively.
Work directly with developers and DevOps engineers to embed security into every
deployment (DevSecOps), automating and monitoring secure coding practices in the
SDLC.
Oversee vulnerability management from identification to remediation, employing tools
like Qualys, Tenable, and SAST solutions including Veracode and Snyk.
Analyze and responsibly disclose security risks, providing prescriptive, prioritized
recommendations for development, IT, and leadership teams.
Champion continuous improvements, staying abreast of security trends and
implementing enhancements to protection strategies and tooling.
Support and train team members, serving as a role model for a culture of knowledge
sharing and proactive security.
Facilitate security-focused communication between business, IT, and engineering teams.
Qualifications:
Bachelor’s degree in Computer Science, Information Security, or related discipline, or
equivalent real-world experience.
Minimum of 3 years performing penetration testing, with significant knowledge of
vulnerability management and DevSecOps.
Expertise in penetration testing tools and frameworks (e.g., Burp Suite, Nmap, RASP,
Kali Linux, OWASP Top Ten, CVSS Scoring, MITRE ATT&CK).
Experience operationalizing vulnerability management platforms and SAST tools inside
CI/CD workflows.
Working understanding of Linux, Windows, networking, and major cloud platforms (AWS,
Azure, GCP).
Confident communicator able to interact with technical and business stakeholders.
Relevant certifications (OSCP, CEH, PNPT, CPPT) are a strong advantage.