Offensive Security Analyst

Offensive Security Analysts support our delivery consultants in running our offensive security services. They help interpret client challenges, innovate solutions, and deliver findings. Our aim is to become trusted advisors to our clients.

You will work across the full spectrum of our pentesting services, whether point-in-time or continuous, and participate in larger engagements such as red teams. You will help our clients build cyber resilience, enhance their understanding of the threat landscape, and become better prepared to face dynamic and evolving security risks.

1.1 MAIN DUTIES AND RESPONSIBILITIES

Client Engagement and Account Management

• Engage with clients to understand their cybersecurity challenges.
• Translate client challenges into solutions that fit SRMs Offensive Security service offerings and value proposition.
• Develop an understanding of delivery timelines, project resourcing requirements, and pricing.
• Understand SRMs proposal process and lead on proposal writing and presentations in some cases.
• Contribute to the expansion of client accounts and the winning of new business.
• Gain an understanding of SRMs target sectors and industries.

Offensive Security

• Perform penetration testing.

Vulnerability assessments and monitoring

• External infrastructure
• External Attack Surface Management
• Web application testing
• Phishing and spear phishing testing
• Mobile application pentesting (Android and iOS)
• Open Source Intelligence (OSINT) gathering
• Configuration reviews
• Application configuration review
• Hardware build review
• Firewall review

Deliver findings in various formats, including written reports, presentations, and verbal briefings.

Stay updated on threat intelligence developments, threat actor activity, and security industry advancements in mitigations and tooling.

• Develop and deliver client threat profiles, threat assessments, and dark web analysis.

Project Management

• Support vCISO engagements by accessing SRMs resources and expertise.
• Collaborate with incident response, ethical hacking, and digital forensics teams to integrate services and support clients.
• Support the delivery of retainer relationships.
• Support the delivery of the Attack Surface Management (ASM) service.

Internal Initiatives and Strategy

• Support internal initiatives on product development, process management, tech enablement, and exploring ways to support clients.
• Contribute to adapting security frameworks to create innovative products.
• Challenge existing products and services; suggest alternative approaches where appropriate.

Develop documentation and evolve testing methodologies where applicable.

Professional Development and Domain Knowledge

• Commit to continuous professional development and expanding cybersecurity knowledge in line with personal utilization targets.
• Complete up to one formal training course annually beyond internal sessions.
• Share knowledge with the team, including contributing to internal training initiatives and programs.

Required Experience:

Key Skills