Senior Information Security Analyst/Penetration Tester
| Company | Renewable Water Resources |
|---|---|
| Location | New York, NY, USA |
| Salary | $170000 – $185000 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior, Expert or higher |
Requirements
- Strong knowledge of network services, vulnerabilities, exploits and attacks vectors and TTPs (Tactics, Techniques, and Procedures).
- Proven experience in penetration testing, ethical hacking, or purple teaming.
- Strong knowledge of OWASP Top 10, MITRE ATT&CK, CVSS, and common exploit techniques.
- Proficiency with tools like Burp Suite, Metasploit, Nmap, Nessus, Kali, Bloodhound, or similar.
- Familiarity with scripting (e.g., Python, PowerShell) for automation and vulnerability validation.
- Understanding of IT infrastructure, networking, system internals (Windows/Linux), and web/application security.
- Strong knowledge of server and desktop operating systems, routers, switches, firewalls and other network equipment.
- Experience with cloud environments (SaaS, iDP, AWS, Azure, GCP) and cloud security testing.
- Knowledge of mobile app security vulnerabilities (iOS, Android) and threat modeling a plus.
- Critical thinking, investigative mindset and ability to conduct root cause analysis.
- Detail-oriented and able to meet tight deadlines.
- Excellent written, verbal and interpersonal skills.
- Highly motivated self-starter with an inquisitive personality.
- Desire and ability to learn new skills and concepts.
Responsibilities
- Perform real-time security log and event analysis and take action to contain and mitigate information security threats.
- Conduct manual and automated penetration testing of web applications, APIs, networks, cloud environments, and mobile apps.
- Simulate real-world cyber-intrusion techniques to identify security vulnerabilities and validate practical exposures/risks.
- Develop automation workflows, routines and scripts to support advanced testing efforts and remediation validation.
- Contribute to red team engagements, threat modeling, and purple team exercises.
- Assist in maintaining existing security systems, such as IPS/IDS, Anti-Virus, EPO, SIEM, NAC and other cyberattack detection and analytics tools; assist with security technologies deployment, configuration, troubleshooting, maintenance, patching/upgrading and decommission.
- Make enhancements to existing monitoring and security operations and contribute to a Continuous Monitoring program framework.
- Work across teams to accomplish security program goals.
Preferred Qualifications
- SPLUNK Administrator or Power User considered a plus.
- Participation in Capture The Flag (CTF) events or offensive security challenges.
- Certifications such as GPEN, OSCP, OSEP or similar are highly desirable.
- CISSP, CISA, CEH, GIAC and other industry certifications considered a plus.