Information Technology Security Analyst

IT Security Analyst

• Dublin, Ireland
• Full-time

Job Description

• Conduct in-depth penetration testing of cloud environments (AWS, Azure, GCP), focusing on identifying complex vulnerabilities and security misconfigurations.
• Perform penetration testing of containerized applications (Docker, Kubernetes) and serverless architectures.
• Develop and execute custom penetration testing methodologies and tools to simulate real-world attacks.
• Expertise in manual penetration testing techniques and the use of advanced offensive security tools (Burp Suite, Cobalt Strike, Metasploit, etc.).
• Utilize commercial security tools such as Checkmarx, Invicti, and Synopsys for static and dynamic analysis.
• Familiarity with security frameworks and approaches such as SAST, DAST, fuzzing, property-based testing, symbolic execution, and network simulation.
• Perform comprehensive security assessments of RESTful and other API architectures.
• Demonstrated ability to identify and exploit vulnerabilities in API authentication and authorization mechanisms.
• Perform security testing for distributed systems and microservices.
• Expert knowledge of hacking authentication methods such as OAuth, SAML, and JWT.
• Knowledge of macOS and Windows Active Directory systems and their security implications.
• Deep understanding of Linux operating systems and their security implications.
• Ability to analyze and understand complex software architectures and codebases.
• Work closely with software engineers to provide security guidance and recommendations.
• Basic knowledge of Python or Go programming languages for scripting and tool development.
• Collaborate effectively with cross-functional teams, including software engineers, cloud architects, and security professionals.
• Communicate security findings and recommendations clearly and concisely to both technical and non-technical audiences.
• Stay up-to-date on the latest cloud security threats, vulnerabilities, and attack techniques.
• Conduct security research and develop new penetration testing methodologies.
• Have experience in threat modelling, red/blue teaming, working with best-in-class independent engineering teams.

Nice-to-Have:

• Administer and optimize Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) tools.
• Configure and maintain cloud security tools and platforms to ensure continuous monitoring and threat detection.
• Work with Infrastructure as Code tools such as Terraform and CloudFormation to ensure secure cloud deployments.
• Configure, deploy, and maintain Web Application Firewalls (WAF) in production and development environments.

Qualifications

• BA or BSc. in Computer Science, Information Security, or a related field.
• 6+ years of experience in penetration testing, with a strong focus on cloud security.
• Expert-level knowledge of cloud platforms (AWS, Azure, GCP) and their security services.
• Proven experience in API security testing and authentication hacking.
• Strong understanding of Linux, macOS and Windows Active directory operating systems and software development practices.
• Proficiency in using penetration testing tools and frameworks, including commercial tools like Checkmarx, Invicti, and Synopsys etc.
• Excellent communication and collaboration skills.
• Deep understanding of the MITRE ATT&CK framework.
• Experience working in a software development environment.

Nice-to-Have:

• Relevant security certifications (e.g., OSCP, OSCE, GPEN, GWAPT).
• Experience with CSPM and SSPM tools.