Security Analyst II
About The Position
The Security Analyst works directly with clients across a variety of industries to perform hands-on security assessments, identify vulnerabilities, and support remediation validation and retesting efforts. This role focuses on identifying—and when appropriate, exploiting—weaknesses in systems, applications, and networks through structured penetration testing activities. Working under the guidance of managers and senior lead pentesters, the Security Analyst collaborates closely with client security teams to interpret findings, answer questions, and provide actionable recommendations. Strong written and verbal communication skills are essential, as this role includes preparing professional reports and presenting results to both technical and executive stakeholders. This is an excellent opportunity for an early-career cybersecurity professional to gain hands-on experience, develop technical and analytical skills, and grow within a collaborative, client-focused consulting environment.
Requirements
- Bachelor’s degree in Computer Science, Information Security, or related field, or an equivalent combination of education and experience.
- 1-2+ years of experience performing penetration testing and/or defensive security operations.
- Foundational knowledge of network protocols, operating systems (Windows and Linux), and cloud environments (AWS, Azure, or GCP).
- Familiarity with common security frameworks and standards (e.g., OWASP Top 10, MITRE ATT&CK, NIST, CIS).
- Ability and willingness to learn programming languages such as Python, Java, C#, or similar.
- Strong analytical and problem-solving skills.
- Excellent written and verbal communication skills.
- High level of integrity, professionalism, and commitment to ethical standards.
Nice To Haves
- Familiarity with penetration testing tools such as Burp Suite, Metasploit, Nmap, and Wireshark preferred.
- Exposure to defensive technologies including SIEM platforms, EDR solutions, firewalls, and IDS/IPS preferred.
- Experience translating technical findings into business risk impacts for non-technical audiences preferred.
Responsibilities
- Perform penetration testing of web applications, APIs, mobile applications, infrastructure, and cloud environments.
- Simulate real-world attack scenarios to identify security weaknesses and provide actionable remediation recommendations.
- Analyze and document vulnerabilities using industry-recognized frameworks and methodologies (e.g., OWASP, MITRE ATT&CK, CIS).
- Prepare clear, professional technical reports and executive summaries communicating findings, risks, and remediation guidance.
- Participate in client meetings, walkthroughs, and presentations to explain results and answer questions.
- Support remediation validation and retesting efforts.
- Stay current with emerging threats, tools, and security best practices through ongoing research and professional development.
- Contribute to the development and continuous improvement of internal testing methodologies, checklists, and procedures.
- Leverage scripting and coding skills to automate tasks and develop custom security tools where appropriate.
Benefits
- Comprehensive Health Coverage – Medical, dental, and vision.
- Retirement & Financial Planning Support – 401(k) with match, financial wellness programs.
- Generous Paid Time Off – Vacation, sick time, holidays, parental leave and volunteer days.
- Flexible Work Arrangements – Hybrid or remote options, flexible hours.
- Performance-Based Bonus – Recognition for your contributions through discretionary bonuses.
- Professional Development Opportunities – Tuition reimbursement, certifications, mentorship.
- Career Growth & Internal Mobility – Clear paths for advancement and role transitions.
- Inclusive & Supportive Culture – DEI initiatives, employee resource groups, wellness programs.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
