Security Analyst Job Opening for a Client of TeamLease Digital at Bengaluru
Security Analyst
Job Description
Perform authorized penetration tests and red-team style assessments focused on web applications, REST APIs, and cloud-native environments (including Kubernetes). Identify, validate and help remediate vulnerabilities using modern offensive and reconnaissance tooling. Produce clear, actionable reports and work with dev/ops teams to reduce risk.
Key responsibilities
Plan and execute internal and external penetration tests for web applications, APIs and networked services under an approved scope.
Perform API security assessments (authentication, authorization, input validation, business logic, rate limiting, fuzzing).
Assess containerized and cloud-native deployments (Kubernetes configuration, network policies, cluster hardening).
Use reconnaissance, scanning and exploitation tools (nmap, Nessus, Metasploit, Burp Suite, etc.) to identify vulnerabilities and validate fixes.
Train teams on secure coding best practices and OWASP Top 10 relevance to APIs and web apps.
Required skills & experience
3+ years in a penetration testing, red team, or offensive security role (adjust for level).
Hands-on experience testing web applications and APIs (REST, GraphQL).
Practical familiarity with OWASP Top 10, OWASP API Security Top 10, and common API vulnerabilities (e.g., broken auth, excessive data exposure, object-level authorization).
Proficient with networking and reconnaissance tools: nmap, tcpdump/wireshark, Nessus or similar vulnerability scanners.
Experience using exploitation and post-exploitation frameworks: Metasploit (and safe knowledge of exploit validation).
Experience with web proxy / testing tools: Burp Suite, Postman (for API testing and automation), and fuzzing tools.
Knowledge of container orchestration (Kubernetes): cluster components, RBAC, network policies, common misconfigurations and hardening techniques.
Strong reporting and communication skills — ability to explain technical issues to engineers and executives.
Familiar with secure development lifecycle (SDL) and integration of security into CI/CD pipelines.
Preferred / nice-to-have
Familiarity with Nessus, Qualys, OpenVAS or Tenable product ecosystem.
Scripting skills: Python, Bash, or Go for tool development and automation.
Experience with cloud platforms (AWS/Azure/GCP) and cloud security controls.
Experience with infrastructure-as-code scanning and IaC security (Terraform, CloudFormation).