Senior Offensive Security Analyst

ZS is a place where passion changes lives As a management consulting and technology firm focused on improving life and how we live it we transform ideas into impact by bringing together data science technology and human ingenuity to deliver better outcomes for all Here you ll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients caregivers and consumers worldwide ZSers drive impact by bringing a client-first mentality to each and every engagement We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business Bring your curiosity for learning bold ideas courage and passion to drive life-changing impact to ZS We are hiring Senior Offensive Security Analyst in our Pune India office Qualified candidates will be responsible for conducting advanced penetration tests and security assessments across cloud and on-premises environments This role requires strategic and out-of-box thinking high technical expertise and effective communication skills to proactively identify and address security risks What You ll Do Typical daily work will consist of performing advanced penetration tests on cloud-based and on-premises infra to identify security weaknesses and loopholes Perform Red teaming Adversary emulations to simulate sophisticated cyberattacks and assess the effectiveness of existing security controls Conduct Purple team exercises in collaboration with Sec-Ops to assess the effectiveness of defensive measures and incident response capabilities through realistic attack simulation Develop and test custom exploits to demonstrate vulnerabilities and assess the potential impact on systems Execute social engineering attacks such as phishing or vishing to evaluate the organization s susceptibility to human-centric threats Perform Breach and Attack Simulations using BAS platform across the organization infrastructure Conduct comprehensive cloud penetration tests targeting AWS Azure GCP to identify and exploit misconfigurations insecure interfaces and vulnerabilities in cloud services and applications Assess and exploit weak IAM configurations privilege escalation paths and over-permissioned roles to identify security risks within cloud environments Collaborate with incident response team to provide insights and support during and after security incidents Regularly review and enhance penetration testing methodologies and practices to adapt to evolving threats and technologies Create detailed reports outlining findings from penetration tests red team exercises and vulnerability assessments that include clear actionable recommendations for remediation and risk mitigation What You ll Bring Proficiency in conducting penetration tests on internal networks web applications and systems to identify vulnerabilities and potential attack vectors Ability to simulate sophisticated adversary tactics techniques and procedures TTPs to mimic real-world cyber-attacks including social engineering spear-phishing and advanced malware deployment Expertise in techniques for lateral movement within a compromised network including pass-the-hash RDP hijacking and privilege escalation Ability to establish persistence using tools like Cobalt Strike Empire or custom scripts Skills in developing and deploying custom malware or payloads to evade traditional security controls like antivirus and endpoint detection and response EDR tools Experience with offensive security tools such as Metasploit Burp Suite Nmap Cobalt Strike Wireshark and Kali Linux for conducting vulnerability assessments and penetration testing Ability to design and execute social engineering and phishing attacks to assess organizational awareness and vulnerability to human factor exploits Familiarity with common reconnaissance exploitation and post exploitation techniques Proficiency in testing web applications for vulnerabilities such as SQL injection cross-site scripting XSS cross-site request forgery CSRF and other application-level attacks Strong Collaboration Communication and Interpersonal skills with the ability to collaborate effectively with cross-functional teams communicate complex technical concepts to non-technical stakeholders and build consensus around security initiatives Solid understanding of emerging threats vulnerabilities and exploits and an ability to think outside the box and emulate adversarial approaches In-depth knowledge of major cloud platforms AWS Azure GCP including their security models IAM roles virtual private cloud VPC configurations and cloud-native security tools Expertise in discovering and exploiting common cloud misconfigurations including insecure storage buckets overly permissive IAM roles and weak security group rules Ability to design cloud-specific threat models and conduct red teaming exercises that simulate advanced attacks on cloud environments to evaluate organizational defenses Bachelor s in computer science management of computer information information assurance or Cybersecurity 3 years of Penetration Testing Red-Teaming Offensive Security Must have Security Certifications OSCP GPEN Preferred Security Certifications CPTS CRTP CARTP CRTE CRTO I II OSEP OSED GRTP Preferred Security Cloud Certifications AWS Security Specialty Excellent independent self-motivational organizational personal project management skills High Expertise in performing offensive security assessments and penetration testing in cloud environments identifying vulnerabilities misconfigurations and exploitation vectors unique to cloud infrastructures Good to have knowledge of DevSecOps practices and experience in assessing and securing Infrastructure as Code IaC tools and templates e g Terraform CloudFormation to prevent vulnerabilities in cloud deployments Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System used for scoring vulnerabilities Experience on Breach and Attack Simulation BAS Tools like Cymulate Pentera Safebreach etc is a plus Fluency in English Client-first mentality Intense work ethic Collaborative spirit and problem-solving approach How you ll grow Cross-functional skills development custom learning pathways Milestone training programs aligned to career progression opportunities Internal mobility paths that empower growth via s-curves individual contribution and role expansions Hybrid working model ZS is committed to a Flexible and Connected way of working ZSers are onsite at clients or ZS offices three days a week Combined flexibility to work remotely two days a week is also available The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections Perks Benefits ZS offers a comprehensive total rewards package including health and well-being financial planning annual leave personal growth and professional development Our robust skills development programs multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member We are committed to giving our employees a flexible and connected way of working A flexible and connected ZS allows us to combine work from home and on-site presence at clients ZS offices for the majority of our week The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections Travel Travel is a requirement at ZS for client facing ZSers business needs of your project and client are the priority While some projects may be local all client-facing ZSers should be prepared to travel as needed Travel provides opportunities to strengthen client relationships gain diverse experiences and enhance professional growth by working in different environments and cultures Considering applying At ZS we honor the visible and invisible elements of our identities personal experiences and belief systems the ones that comprise us as individuals shape who we are and make us unique We believe your personal interests identities and desire to learn are integral to your success here We are committed to building a team that reflects a broad variety of backgrounds perspectives and experiences about our inclusion and belonging efforts and the networks ZS supports to assist our ZSers in cultivating community spaces and obtaining the resources they need to thrive If you re eager to grow contribute and bring your unique self to our work we encourage you to apply ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law To complete your application Candidates must possess or be able to obtain work authorization for their intended country of employment An on-line application including a full set of transcripts official or unofficial is required to be considered NO AGENCY CALLS PLEASE Find Out More At