Back to Jobs
Cyber Security Analyst - Penetration Tester
Actively Reviewing
Ford Motor Company
Job Description
Job Description
Cyber Security Analyst – Penetration Testing is responsible for performing security assessments for applications, infrastructure and emerging technologies, guiding product / service teams in secure design and implementation of IT systems.
Responsibilities
Position responsibilities include:
Skillset required:
Cyber Security Analyst – Penetration Testing is responsible for performing security assessments for applications, infrastructure and emerging technologies, guiding product / service teams in secure design and implementation of IT systems.
Responsibilities
Position responsibilities include:
- Perform Penetration tests for high-risk Enterprise IT assets.
- Gain understanding of the business process, application architecture, IT infrastructure and interaction with external entities.
- Work with PDO team to define and agree the scope of the test.
- Perform Pen testing for web / mobile applications to verify security implementation and identify vulnerabilities; this includes testing for broken access control, identification and authentication failures, injection, insecure design, security misconfiguration, cryptographic failures, usage of vulnerable and outdated components.
- Conduct penetration testing activities in an ethical and responsible manner, ensuring that the organization's systems are not negatively impacted by the testing.
- Assess the risk of identified vulnerabilities by evaluating likelihood and impact, propose countermeasures and remediation.
- Document and effectively communicate the technical findings and recommendations to non-technical stakeholders, such as management and business leaders, in a clear and understandable manner.
- Follow security governance process for issue tracking and closure. Ensure that security improvement actions are evaluated, validated, and implemented as required.
- Use Standard Operating Procedure (SOP) for securely conducting penetration testing studies.
- Develop, test, and maintain custom security testing scripts for vulnerability testing.
- Leverage industry best practices to continually improve process maturity.
- Promote awareness of security issues among application teams and business teams through training and awareness programs.
- Provide feedback for improving Penetration Testing tools and processes and continuously improve the testing methods.
- Staying up to date with the latest security trends, tools, and techniques to enhance penetration testing skills and knowledge.
- Stay updated on emerging technologies.
Skillset required:
- Experience in different Penetration Testing processes and tools with specialization in web and mobile applications and API services.
- Experience in security assessment, risk management processes, cyber security threats, vulnerabilities, attack methods and techniques.
- Knowledge of industry frameworks for penetration testing like OWASP, PTES, MITRE ATT&CK, Metasploit.
- Ability to understand complex information system architecture and business process and develop attack methods.
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Experience in deploying various attack methods and techniques (DDoS, brute force, spoofing, Injection attacks etc.).
- Experience in creating and extracting important information from packet captures.
- Knowledge and experience in applying cryptography, including encryption, hashing, key management, digital certificates, and TLS, to protect data and communications.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of cloud security, API security and AI security.
- Knowledge of identity and access management systems (e.g.: OAuth, OpenID, SAML).
- Knowledge of organization's information security policies, standards, and procedures.
- Knowledge of laws, regulations, policies, and ethics related to cybersecurity and privacy.
- Excellent analytical, communication, documentation, and presentation skills.
- Knowledge of emerging technologies like AI/ML, Zero Trust, LCNC etc. and willingness to learn new technologies and concepts.
- Bachelor’s degree in computer science, Cyber Security, or related field of study
- 2+ years of experience in Cyber Security or related fields of IT.
- Knowledge of Penetration Testing Framework such as OWASP, MITRE ATT&CK, Metasploit etc.
- Cyber security certifications like OSCP, CEH, GPEN, Pentest+ are highly desirable.
Required Skills
Similar Jobs
View all →
Business Analyst with Mortgage SME
Cognizant
Chennai
Solution architecture
Machine Learning
Design patterns
+15
Data governance with Gen AI/AI
Citi
Bengaluru
Machine Learning
Root Cause Analysis
Adobe Illustrator
+13
AI Workflow Automation Engineer
Avalara
India
Event-driven architecture
OAuth 2.0
Machine Learning
+5
Senior Full Stack Developer
INNOFarms.AI
Gurgaon
Machine Learning
REST API
Tailwind CSS
+35
Manual Tester-MacOS (Desktop Application)
Remote Office
India
OAuth 2.0
Adobe Illustrator
Issue management
Share
Quick Apply
Upload your resume to apply for this position
–