Jobs via Dice
Sr. Information Security Analyst (Penetration Testing)
Jobs via Dice, New York, New York, us, 10261
Sr. Information Security Analyst (Penetration Testing)
The Sr. Information Security Analyst (Penetration Testing) will monitor the firm’s security systems and conduct penetration tests of the WLRK infrastructure. Key responsibilities include daily monitoring activities, SIEM and other security tools, identification and mitigation of suspicious events, controlled penetration tests, vulnerability identification, report delivery with recommendations, support of other Security Operations activities, deployment, operation of information security systems, and work on a diverse set of security related projects and responsibilities. Essential Duties and Responsibilities
Perform real-time security log and event analysis and take action to contain and mitigate information security threats. The events will originate from SIEM, DLP, IDS, IPS, antivirus, firewalls, system security logs and user reports. Conduct manual and automated penetration testing of web applications, APIs, networks, cloud environments, and mobile apps. Simulate real-world cyber-intrusion techniques to identify security vulnerabilities and validate practical exposures/risks. Develop automation workflows, routines and scripts to support advanced testing efforts and remediation validation. Contribute to red team engagements, threat modeling, and purple team exercises. Assist in maintaining existing security systems, such as IPS/IDS, Anti-Virus, EPO, SIEM, NAC and other cyberattack detection and analytics tools; assist with security technologies deployment, configuration, troubleshooting, maintenance, patching/upgrading and decommission. Make enhancements to existing monitoring and security operations and contribute to a Continuous Monitoring program framework. Work across teams to accomplish security program goals. Knowledge, Skills, and Abilities Required
Strong knowledge of network services, vulnerabilities, exploits and attack vectors and TTPs (Tactics, Techniques, and Procedures). Proven experience in penetration testing, ethical hacking, or purple teaming. Strong knowledge of OWASP Top 10, MITRE ATT&CK, CVSS, and common exploit techniques. Proficiency with tools like Burp Suite, Metasploit, Nmap, Nessus, Kali, Bloodhound, or similar. Familiarity with scripting (e.g., Python, PowerShell) for automation and vulnerability validation. Understanding of IT infrastructure, networking, system internals (Windows/Linux), and web/application security. SPLUNK Administrator or Power User considered a plus. Strong knowledge of server and desktop operating systems, routers, switches, firewalls and other network equipment. Experience with cloud environments (SaaS, iDP, AWS, Azure, Google Cloud Platform) and cloud security testing. Knowledge of mobile app security vulnerabilities (iOS, Android) and threat modeling a plus. Participation in Capture The Flag (CTF) events or offensive security challenges. Critical thinking, investigative mindset and ability to conduct root cause analysis. Detail-oriented and able to meet tight deadlines. Excellent written, verbal and interpersonal skills. Highly motivated self-starter with an inquisitive personality. Desire and ability to learn new skills and concepts. Education and Experience
Bachelor's degree in related field or discipline. Minimum of 7 years of experience in Information Security. Certifications
GPEN, OSCP, OSEP or similar are highly desirable. CISSP, CISA, CEH, GIAC and other industry certifications considered a plus. Pay And Benefits
The pay range for this position is $170,000.00 - $185,000.00/yr. United Healthcare Medical Insurance, MetLife Dental insurance, EyeMed Vision. 401K, eligible upon date of hire, contributions up to 1% pre-tax, 75% post-tax, and 10% Roth. Workplace Type
This is a hybrid position in New York, NY 10019. Application Deadline
This position is anticipated to close on Oct 26, 2025. EEO Statement
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
#J-18808-Ljbffr
The Sr. Information Security Analyst (Penetration Testing) will monitor the firm’s security systems and conduct penetration tests of the WLRK infrastructure. Key responsibilities include daily monitoring activities, SIEM and other security tools, identification and mitigation of suspicious events, controlled penetration tests, vulnerability identification, report delivery with recommendations, support of other Security Operations activities, deployment, operation of information security systems, and work on a diverse set of security related projects and responsibilities. Essential Duties and Responsibilities
Perform real-time security log and event analysis and take action to contain and mitigate information security threats. The events will originate from SIEM, DLP, IDS, IPS, antivirus, firewalls, system security logs and user reports. Conduct manual and automated penetration testing of web applications, APIs, networks, cloud environments, and mobile apps. Simulate real-world cyber-intrusion techniques to identify security vulnerabilities and validate practical exposures/risks. Develop automation workflows, routines and scripts to support advanced testing efforts and remediation validation. Contribute to red team engagements, threat modeling, and purple team exercises. Assist in maintaining existing security systems, such as IPS/IDS, Anti-Virus, EPO, SIEM, NAC and other cyberattack detection and analytics tools; assist with security technologies deployment, configuration, troubleshooting, maintenance, patching/upgrading and decommission. Make enhancements to existing monitoring and security operations and contribute to a Continuous Monitoring program framework. Work across teams to accomplish security program goals. Knowledge, Skills, and Abilities Required
Strong knowledge of network services, vulnerabilities, exploits and attack vectors and TTPs (Tactics, Techniques, and Procedures). Proven experience in penetration testing, ethical hacking, or purple teaming. Strong knowledge of OWASP Top 10, MITRE ATT&CK, CVSS, and common exploit techniques. Proficiency with tools like Burp Suite, Metasploit, Nmap, Nessus, Kali, Bloodhound, or similar. Familiarity with scripting (e.g., Python, PowerShell) for automation and vulnerability validation. Understanding of IT infrastructure, networking, system internals (Windows/Linux), and web/application security. SPLUNK Administrator or Power User considered a plus. Strong knowledge of server and desktop operating systems, routers, switches, firewalls and other network equipment. Experience with cloud environments (SaaS, iDP, AWS, Azure, Google Cloud Platform) and cloud security testing. Knowledge of mobile app security vulnerabilities (iOS, Android) and threat modeling a plus. Participation in Capture The Flag (CTF) events or offensive security challenges. Critical thinking, investigative mindset and ability to conduct root cause analysis. Detail-oriented and able to meet tight deadlines. Excellent written, verbal and interpersonal skills. Highly motivated self-starter with an inquisitive personality. Desire and ability to learn new skills and concepts. Education and Experience
Bachelor's degree in related field or discipline. Minimum of 7 years of experience in Information Security. Certifications
GPEN, OSCP, OSEP or similar are highly desirable. CISSP, CISA, CEH, GIAC and other industry certifications considered a plus. Pay And Benefits
The pay range for this position is $170,000.00 - $185,000.00/yr. United Healthcare Medical Insurance, MetLife Dental insurance, EyeMed Vision. 401K, eligible upon date of hire, contributions up to 1% pre-tax, 75% post-tax, and 10% Roth. Workplace Type
This is a hybrid position in New York, NY 10019. Application Deadline
This position is anticipated to close on Oct 26, 2025. EEO Statement
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
#J-18808-Ljbffr