InfoSec L2 VM (App) Analyst

POSITION RESPONSIBILITIES

Conduct security testing and vulnerability assessments for various applications, including web applications, mobile apps, business systems, and APIs.

Assist in the identification, analysis, and prioritization of vulnerabilities, ensuring timely and effective remediation in collaboration with development teams.

Support the development and execution of secure coding practices and application security guidelines.

Monitor and interpret vulnerability scanning results to identify trends, root causes, and systemic risks, providing actionable insights to stakeholders.

Collaborate with the wider Vulnerability Management team and other stakeholders to maintain and improve security processes and tools.

Stay updated on emerging threats, vulnerabilities, and industry best practices to enhance testing methodologies and overall security strategies.

Create and maintain detailed documentation and reports to track security metrics and demonstrate compliance with applicable standards.

100%

ORGANIZATIONAL RELATIONSHIPS

The Analyst will work closely with the Vulnerability Management Application Security Engineer and the onshore vulnerability management team to execute security testing initiatives.

This role will also collaborate with:

Application Development teams to address vulnerabilities and implement secure coding practices.

Cloud and Application Security teams to align on strategy and processes.

Other stakeholders within the Zoetis Tech & Digital (ZTD) organization to support vulnerability remediation efforts.

EDUCATION AND EXPERIENCE

Education:

University Degree in Computer Science or Information Systems is required

MS or advanced identity courses or other applicable certifications is desirable, including:

o Certified Information Systems Security Professional (CISSP)

Relevant certifications in infrastructure security and vulnerability management, such as Offensive Security Certified Professional (OSCP), GIAC Certified Vulnerability Assessor (GCVA), or Certified Ethical Hacker (CEH), are highly preferred

Experience:

A minimum of 4+ years of relevant experience with a strong background in vulnerability management and security engineering

2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health

Experience working with global teams across multiple time zones

Demonstrated ability to work within diverse technical teams

TECHNICAL SKILLS REQUIREMENTS

Hands-on experience in application security assessments, penetration testing, or secure development practices

Proficiency with application security and vulnerability scanning tools, such as Burp Suite, Veracode, and HCL AppScan

Knowledge of web application, mobile app, and API penetration testing methodologies

Familiarity with the Software Development Lifecycle (SDLC), secure coding practices, and application development processes

Understanding of application security vulnerabilities (e.g., OWASP Top 10), security frameworks (e.g., NIST), and risk mitigation strategies

Experience working with cloud platforms such as AWS and Azure is desirable

Strong analytical skills and a detail-oriented approach to identifying and addressing vulnerabilities

Excellent verbal and written communication skills to create reports and collaborate with internal teams

Must be fluent in both written and spoken English, with the ability to communicate effectively across technical and non-technical audiences

PHYSICAL POSITION REQUIREMENTS

Availability to work between 1pm IST to 10pm IST hours (minimum 3 hours of daily overlap with US ET Time zone)

• Full Time