Senior Offensive Security Malware, Lead Analyst

Citi•Fort Lauderdale, FL

About The Position

Lead the offensive security program for malware analysis and response, focusing on proactively securing the software development lifecycle. Perform manual and dynamic analysis on potential open-source malware within NPM, Python, and other package ecosystems to identify supply chain risks. Act as a subject matter expert in offensive information security, performing manual security assessments on web technologies, including APIs, JavaScript Frameworks, and Artificial Intelligence systems. Conduct and facilitate security reviews, penetration testing engagements, and table-top/red-team/scenario analysis exercises. Drive remediation efforts by outlining defense-in-depth strategies and providing strategic solutions to developers on effective security controls. Evaluate, recommend, and assist in the selection of new and emerging external products, applications, and technologies with a focus on their security implications. Work closely with internal Applications Development to enhance both architecture and application security. Identify opportunities for enhancements to security standards, tools, and processes, and contribute to the review of internal activities for potential improvement and automation. Define secure configurations for network, database, server, and desktop technologies in alignment with security policies. Develop strong technical documentation and deliver clear presentations to articulate vulnerability assessment results to both technical and non-technical audiences. Assess risk during business decisions, ensuring compliance with applicable laws, rules, and regulations while safeguarding the firm's assets and reputation.

Requirements

Bachelor's Degree with a minimum of 10 years' relevant experience, or a Master's Degree with a minimum 5 years' experience in Malware analysis and/or application penetration testing
Proven background in penetration testing and expertise in the risks associated with software supply chains and dependency trees.
Hands-on experience with security testing tools such as BurpSuite Proxy, Postman, AppScan, WebInspect, and similar technologies.
Must have or be willing to obtain industry-accredited security certifications such as OSCP, OSWE, CISSP, GWAPT, GPEN, or other related credentials.
Advanced analytical and problem-solving skills with a demonstrated ability to take ownership and follow up on issues.
Proficient in interpreting and applying policies, standards, and procedures.
Excellent written and verbal communication skills.
Demonstrated ability to work effectively in a team environment and perform well under pressure.

Nice To Haves

Experience leveraging Artificial Intelligence to enhance offensive security processes is highly desirable.

Responsibilities

Lead the offensive security program for malware analysis and response.
Perform manual and dynamic analysis on potential open-source malware to identify supply chain risks.
Act as a subject matter expert in offensive information security.
Conduct and facilitate security reviews, penetration testing engagements, and table-top/red-team/scenario analysis exercises.
Drive remediation efforts by outlining defense-in-depth strategies.
Evaluate and recommend new and emerging technologies with a focus on their security implications.
Work closely with internal Applications Development to enhance architecture and application security.
Identify opportunities for enhancements to security standards, tools, and processes.
Define secure configurations for network, database, server, and desktop technologies.
Develop strong technical documentation and deliver clear presentations.
Assess risk during business decisions, ensuring compliance with applicable laws, rules, and regulations.