IS Analyst - VAPT

The IS Analyst- VAPT position is an integral member of the GCS IS team and shall contribute recommendations regarding physical and technical information security best practices. You will consult with local offices and their administrators to assist in the implementation of administrative and technical procedures for their networks and applications. Reporting to the Information Security Manager in India, you will be a key member of the GCS IS Ethical Hacking & Data Protection Team. As an IS Analyst- VAPT, your responsibilities will include performing and facilitating network and application penetration tests for internal teams, advising on security best practices, developing remediation recommendations tailored to specific environments, and delivering high-quality reports for IT administrators and developers. You will monitor vulnerability trends and recommend security enhancements consistent with the information security strategy. To excel in this role, you are expected to possess experience with BurpSuite and other web attack proxies, proficiency in the Vulnerability Management lifecycle, technical skills in web application penetration testing, an understanding of web application vulnerabilities, experience with penetration testing tools, proficiency in Linux, and knowledge of cloud services such as Azure and AWS. Additionally, you should have strong English verbal and written communication skills to effectively communicate information security matters to various stakeholders. Your ability to work collaboratively in a team, across multiple time zones, is essential for success in this position. The ideal candidate will hold a Bachelor's degree or equivalent experience, along with at least 5 years of application penetration testing and/or red teaming experience. Relevant certifications like GPEN, GWAPT, OSCP, CPTE, ITVA, or CISSP are preferred, as well as experience with CTF platforms and ISO 27001/2 or other information security industry regulatory controls. In summary, as the IS Analyst- VAPT, you will play a critical role in ensuring the security of networks and applications, providing valuable insights and recommendations to enhance information security practices within the organization.,