Intermediate Security Analyst to support a banking client with Pentesting, purple teaming & TTX logic, and programming/scripting

Our client is looking for Intermediate Security Analyst to support a banking client with Pentesting, purple teaming & TTX logic, and programming/scripting.

Overview:

Advanced Penetration Testing: Perform comprehensive, hands-on penetration tests (Black Box, Grey Box, White Box) on web applications, APIs, network infrastructure, and cloud environments, simulating real-world attack scenarios using tools like Burp Suite, Postman, and Kali Linux.

Must Have's:

• 3+ years of experience as a Security Analyst
• Seasoned Penetration Testing Expertise: Proven, hands-on experience in exploiting vulnerabilities in modern systems, including OWASP Top 10, API security flaws (CWE/CVE), and cloud misconfigurations (AWS/Azure/GCP)
• Programming/Scripting: Proficiency in at least one scripting language (Python, PowerShell) for automation, exploit development, and custom tool creation.
• Attack Frameworks: Strong knowledge of Burp Suite, Cobalt Strike, and other offensive frameworks.
• Develop and maintain custom tools and scripts (e.g., Python, PowerShell) to enhance the efficiency and scope of security assessments

Responsibilities:

• Purple Team & Adversary Emulation: Design and execute targeted operations to test the company's security monitoring, detection, and response capabilities. Partner closely with the Blue Team to validate fixes and assist in designing preventative security controls.
• TTX Technical Design: Design and build technically-grounded attack patterns and "injections" for strategic, company-wide enterprise crisis simulations and focused, operational TTXs.
• Vendor & External Testing Management: Lead the creation of detailed Statements of Work (SOWs) and Rules of Engagement (ROEs) for third-party penetration testing vendors, managing the full testing lifecycle through final report review and risk acceptance.
• Cross-Functional Risk Communication: Act as a bridge between the technical security team and non-cyber teams, clearly articulating technical vulnerabilities as business risks and driving remediation efforts with non-technical stakeholders.
• Vulnerability Reporting & Peer Review: Produce clear, detailed, and technically accurate reports outlining vulnerabilities, the exploit path, and risk-rated recommendations. Perform peer reviews of reports from other penetration testers to ensure accuracy and reproducibility.
• Documentation & SOPs: Develop and maintain high-quality operational documentation, including Standard Operating Procedures (SOPs), Job Aids, and technical runbooks for testing methodologies and post-exercise remediation processes.