Lead and execute penetration testing of APIs, web applications, and internal/external systems
Coordinate penetration testing activities with application/system owners and guide issue resolution
Act as a subject matter expert on offensive security and secure design for enterprise projects
Contribute to operating system hardening standards and secure configuration guidelines
Manage vulnerability management activities and ensure remediation efforts are effective
Evaluate and advise on new technologies for secure enterprise adoption
Provide consulting and training to business and technical teams on reducing security risks
Partner with regulators and internal auditors on compliance reporting and assessments
Monitor and scan systems for compliance with security standards, remediating gaps as needed
Recommend process improvements to strengthen the enterprise security posture

5+ years of relevant experience in information security, with at least 2 years of hands-on penetration testing
Expertise across multiple security domains, including penetration testing, vulnerability assessment, risk assessment, and secure architecture
Strong knowledge of application security principles, including secure SDLC and threat modeling
Practical experience with tools such as Burp Suite, Metasploit, Nmap, Nessus, or similar
Familiarity with regulatory and industry frameworks (ISO 27001, PCI-DSS, FFIEC, OCC, etc.)
Excellent communication and documentation skills — able to present complex findings to both technical and non-technical audiences
Ability to mentor junior team members and influence cross-functional teams
Bachelor’s degree in Computer Science, Information Systems, Engineering, or related field (or equivalent experience)
Professional certifications strongly preferred: OSCP, GPEN, GXPN, CISSP, or similar
Candidates must possess unrestricted work authorization and not require future sponsorship.

Senior Analyst, Information Security

Key skills