Security Analyst

Actively Reviewing the Applications

ValueMentor

India, Kerala, Thrissur Full-Time On-site

Posted 14 hours ago • Apply by April 12, 2026

Job Description

Job Description

Key Responsibilities, Deliverables / Outcomes

As a Security Analyst specializing in Web Penetration Testing, you will assist in identifying vulnerabilities and assessing the security posture of web applications. You will work closely with senior team members to enhance your skills, perform web penetration testing, and contribute to delivering high-quality security assessments.

Assist in performing web application penetration tests (both manual and automated) on internal and external web applications.
Identify, exploit, and document web vulnerabilities (e.g., SQL injection, XSS, CSRF, etc.) under guidance.
Conduct vulnerability assessments using automated web application testing tools like OWASP ZAP, Burp Suite, and other relevant tools.
Analyze web application architectures and workflows to identify security risks.
Document findings, security weaknesses, and suggested remediation steps in detailed reports.
Collaborate with senior team members to refine findings and deliver professional-grade reports to clients.
Utilize tools such as Burp Suite, OWASP ZAP, Nikto, and Nmap for web security testing.
Ensure that testing tools and systems are kept up-to-date to ensure efficiency and coverage of emerging vulnerabilities.
Stay updated with the latest web security threats, exploits, and penetration testing techniques.
Participate in internal training sessions, contribute to team knowledge sharing, and expand your knowledge of web application security.
Follow industry standards such as OWASP Top 10, PTES, and other relevant guidelines during assessments.
Adhere to internal and client-specific security policies, ensuring compliance with industry best practices and security regulations.

Key Skills

Basic understanding of web application security concepts and common vulnerabilities.
Familiarity with web penetration testing tools like Burp Suite, OWASP ZAP, Nikto, and others.
Knowledge of common web application attack vectors (e.g., SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF)).
Ability to analyze and identify vulnerabilities in web technologies (e.g., HTML, JavaScript, HTTP, APIs).
Strong communication skills, including the ability to document findings clearly and concisely.
Willingness to stay up-to-date with the latest trends in web security and penetration testing.
Experience with basic web security testing or bug bounty programs.
Knowledge of OWASP Top 10 vulnerabilities and web security best practices.
Exposure to common web technologies like HTML, CSS, JavaScript, and web frameworks (e.g., React, Angular, Node.js).
Familiarity with basic network security tools like Wireshark, Nmap, and others.

Key Competencies