Hiring: Information Security Analyst (VA/PT)**
We are excited to announce an immediate opening for the role of **Information Security Analyst (VA/PT)** at Paralok in Bangalore! We are looking for a passionate individual with 2 to 3 years of experience in Vulnerability Assessment (VA) and Penetration Testing (PT) to join our growing team. If you’re eager to take on new challenges in a dynamic cybersecurity environment and contribute to protecting organizations against evolving cyber threats, this could be the perfect opportunity for you.
### **Position Overview**
As an Information Security Analyst specializing in Vulnerability Assessment and Penetration Testing (VA/PT), you will play a crucial role in identifying, assessing, and mitigating security vulnerabilities across various systems, applications, and networks. The ideal candidate will have a strong technical background and hands-on experience in VA/PT methodologies. Your role will be instrumental in ensuring that the organization’s information assets remain secure by identifying weaknesses before they can be exploited by malicious actors.
In this role, you will be responsible for conducting regular security assessments, simulating real-world attacks, and developing actionable strategies to mitigate risks. You will work closely with cross-functional teams to ensure that security best practices are integrated into our IT infrastructure, applications, and processes.
### **Key Responsibilities**
– **Vulnerability Assessments (VA)**: Conduct in-depth vulnerability assessments on IT infrastructure, applications, and network environments. Identify potential vulnerabilities, misconfigurations, and weaknesses in security controls and provide detailed remediation recommendations.
– **Penetration Testing (PT)**: Perform comprehensive penetration testing of web applications, mobile applications, APIs, and network systems to identify security gaps. Simulate real-world attack scenarios to uncover vulnerabilities and evaluate their potential impact on business-critical systems.
– **Risk Mitigation**: Develop and implement mitigation strategies to address identified vulnerabilities. Work closely with the IT and development teams to prioritize and remediate security issues in a timely and effective manner.
– **Security Tools & Technologies**: Utilize industry-standard tools such as Nessus, Burp Suite, OWASP ZAP, Nmap, Metasploit, Kali Linux, and other related tools to perform security assessments. Stay updated with the latest security trends, tools, and techniques to enhance the organization’s security posture.
– **Reporting & Documentation**: Prepare comprehensive vulnerability assessment and penetration testing reports, detailing identified risks, their severity, and recommended fixes. Present these findings to technical and non-technical stakeholders in an easily understandable manner.
– **Security Best Practices**: Promote a security-first mindset within the organization by helping to implement and enforce security policies, procedures, and standards. Ensure that security practices are integrated into the development lifecycle (DevSecOps) to prevent future vulnerabilities.
– **Collaboration & Communication**: Work closely with different teams including IT, development, and operations to ensure that identified vulnerabilities are addressed promptly and effectively. Communicate security risks and mitigation strategies to stakeholders at all levels, providing guidance on best practices and solutions.
– **Incident Response**: Assist in incident response activities as needed, including investigating security incidents, performing root cause analysis, and providing recommendations for remediation and future prevention.
### **Required Skills and Experience**
– **Experience**: 2 to 3 years of hands-on experience in Vulnerability Assessment and Penetration Testing. You should have demonstrable experience in performing VA/PT in different environments including web, mobile, and network systems.
– **Technical Expertise**: In-depth knowledge of security assessment tools and techniques such as Nessus, Nmap, Metasploit, Burp Suite, Kali Linux, Wireshark, and others. Strong understanding of network security, application security, cloud security, and system vulnerabilities.
– **Penetration Testing Methodologies**: Familiarity with OWASP Top 10 vulnerabilities, SANS/CWE Top 25, and other recognized security vulnerability databases. Ability to identify and exploit vulnerabilities in a controlled environment and provide effective recommendations for their mitigation.
– **Security Certifications**: Certifications like CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or similar qualifications will be highly advantageous.
– **Problem-Solving Skills**: Strong analytical and problem-solving skills, with the ability to assess risks, understand their impact, and develop effective solutions to mitigate them.
– **Communication Skills**: Excellent verbal and written communication skills, with the ability to explain technical vulnerabilities and risks to non-technical stakeholders. You should be able to present findings in a clear, concise, and actionable manner.
– **Attention to Detail**: A sharp eye for identifying security vulnerabilities and a meticulous approach to performing assessments and documenting results.
– **Teamwork & Collaboration**: Strong interpersonal skills and the ability to work effectively with cross-functional teams. You should be able to collaborate and share knowledge with colleagues to promote a culture of security across the organization.
### **Desired Certifications (Optional but Preferred)**
– **CEH** (Certified Ethical Hacker)
– **OSCP** (Offensive Security Certified Professional)
– **CISSP** (Certified Information Systems Security Professional)
– **GIAC** (Global Information Assurance Certification)
### **Location**
This role is based in **Bangalore**, India, and we are looking for **immediate joiners** who are ready to take on the challenges of this exciting role.
### **How to Apply**
Interested candidates are encouraged to send their updated resume to anupama@paralok.com or directly message us on LinkedIn. We are looking for someone who is passionate about cybersecurity and eager to contribute to a growing team of professionals dedicated to protecting businesses from evolving cyber threats.
—
This position offers a unique opportunity to advance your career in cybersecurity while working on cutting-edge security assessments. Join us in safeguarding digital assets and making a real difference in the field of information security!