Posted in

Senior Information Security Analyst/Penetration Tester

Senior Information Security Analyst/Penetration Tester

CompanyRenewable Water Resources
LocationNew York, NY, USA
Salary$170000 – $185000
TypeFull-Time
Degrees
Experience LevelSenior, Expert or higher

Requirements

  • Strong knowledge of network services, vulnerabilities, exploits and attacks vectors and TTPs (Tactics, Techniques, and Procedures).
  • Proven experience in penetration testing, ethical hacking, or purple teaming.
  • Strong knowledge of OWASP Top 10, MITRE ATT&CK, CVSS, and common exploit techniques.
  • Proficiency with tools like Burp Suite, Metasploit, Nmap, Nessus, Kali, Bloodhound, or similar.
  • Familiarity with scripting (e.g., Python, PowerShell) for automation and vulnerability validation.
  • Understanding of IT infrastructure, networking, system internals (Windows/Linux), and web/application security.
  • Strong knowledge of server and desktop operating systems, routers, switches, firewalls and other network equipment.
  • Experience with cloud environments (SaaS, iDP, AWS, Azure, GCP) and cloud security testing.
  • Knowledge of mobile app security vulnerabilities (iOS, Android) and threat modeling a plus.
  • Critical thinking, investigative mindset and ability to conduct root cause analysis.
  • Detail-oriented and able to meet tight deadlines.
  • Excellent written, verbal and interpersonal skills.
  • Highly motivated self-starter with an inquisitive personality.
  • Desire and ability to learn new skills and concepts.

Responsibilities

  • Perform real-time security log and event analysis and take action to contain and mitigate information security threats.
  • Conduct manual and automated penetration testing of web applications, APIs, networks, cloud environments, and mobile apps.
  • Simulate real-world cyber-intrusion techniques to identify security vulnerabilities and validate practical exposures/risks.
  • Develop automation workflows, routines and scripts to support advanced testing efforts and remediation validation.
  • Contribute to red team engagements, threat modeling, and purple team exercises.
  • Assist in maintaining existing security systems, such as IPS/IDS, Anti-Virus, EPO, SIEM, NAC and other cyberattack detection and analytics tools; assist with security technologies deployment, configuration, troubleshooting, maintenance, patching/upgrading and decommission.
  • Make enhancements to existing monitoring and security operations and contribute to a Continuous Monitoring program framework.
  • Work across teams to accomplish security program goals.

Preferred Qualifications

  • SPLUNK Administrator or Power User considered a plus.
  • Participation in Capture The Flag (CTF) events or offensive security challenges.
  • Certifications such as GPEN, OSCP, OSEP or similar are highly desirable.
  • CISSP, CISA, CEH, GIAC and other industry certifications considered a plus.