Offensive Security Analyst

S-RM

London

On-site

GBP 40,000 - 70,000

Full time

18 days ago

Job summary

A leading company in cybersecurity solutions is seeking an Offensive Security Analyst to support its delivery of pentesting services. This role involves engaging with clients to solve security challenges, conducting penetration testing, and contributing to project management initiatives. The ideal candidate will have strong technical skills in cybersecurity and a commitment to professional development.

Qualifications

  • Experience with penetration testing and vulnerability assessments.
  • Strong client engagement and management skills.
  • Commitment to continuous professional development.

Responsibilities

  • Engaging with clients to understand cyber security challenges.
  • Conducting penetration testing and vulnerability assessments.
  • Delivering findings in various formats including reports and presentations.

Skills

Client Engagement
Penetration Testing
Threat Intelligence
Vulnerability Assessments
Project Management

Education

Certified Cyber Security Professional
Formal Training in Penetration Testing

Job description

Offensive Security Analysts support our delivery consultants running our offensive security services. They help to interpret client challenges, innovate solutions, and deliver findings. Our aim is to become trusted advisors to our clients.

You will work across the full spectrum of our pentesting services, whether point in time or continuous, as well as participate in larger engagements such as red teams. You will help our clients to build cyber resilience, enhance their understanding of the threat landscape and become better prepared to face dynamic and evolving security risks.

1.1 MAIN DUTIES AND RESPONSIBILITIES

Client Engagement and Account Management

  • Engage with clients to understand their cyber security challenges
  • Translate client challenges into solutions that fit S-RM's Offensive Security service offering and value proposition
  • Develop an understanding of delivery timelines, project resourcing requirements and pricing
  • Understand S-RM's proposal process and lead on proposal writing and presentations in some cases
  • Contribute to the expansion of client accounts and winning of new business
  • Gain an understanding of S-RM's target sectors and industries

Offensive Security

  • Penetration testing
    • Vulnerability assessments and monitoring
    • External infrastructure
    • External Attack Surface Management
    • Web application
    • API pentesting
    • Phishing and spear phishing
    • Internal pentesting
    • Mobile application pentesting (Android and iOS)
    • OT pentesting
    • IoT pentesting
    • Cloud pentesting
    • Open-Source Intelligence (OSINT) gathering

  • Configuration Reviews
    • Cloud configuration review
    • Application configuration review
    • Hardware build review
    • Firewall review

  • Delivery & Client communications
    • Deliver findings in a range of formats, including written reports, presentations, and verbal briefings

  • Threat Intelligence
    • Keep abreast of threat intelligence developments, threat actor activity and security industry developments in mitigations and tooling
    • Develop and deliver client threat profiles, threat assessments and dark web analysis

Project Management

  • Support vCISO engagements, accessing the full range of S-RM's resources and expertise
  • Collaborate with incident response, ethical hacking, and digital forensics teams to integrate our services and support to clients
  • Support the delivery of retainer relationships
  • Support the delivery of the Attack Surface Management (ASM) service

Internal Initiatives and Strategy

  • Support internal initiatives on product development, process management, tech enablement, efficiency and exploring different ways to support clients
  • Contribute to the adaption of security frameworks to create innovative products
  • Challenge received wisdom and existing products and services. Suggest alternative approaches where appropriate
  • Develop documentation and evolve the testing methodologies where applicable

Professional Development and Domain Knowledge

  • Commit to continuous professional development and personal knowledge improvement across the full range of cyber security competencies, in line with personal utilisation targets (see Objectives)
  • Complete up to one formal training course over the financial year. This is beyond internal training sessions
  • Share knowledge with the wider team in line with company values, including contributing to internal training initiatives and programmes