Overview

Security Analyst Jobs in Gandhinagar, India at Strobes Security, Inc.

Title: Security Analyst

Company: Strobes Security, Inc.

Location: Gandhinagar, India

Type: Full Time

Category: IT/Tech, Security

Position Purpose:

Lead the hands-on execution of red team operations, contribute to reporting and debriefing, and conduct Proof of Concept exploits around vulnerabilities from a technical perspective. The candidate needs to work collaboratively as we ensure processes, procedures, and controls are tested, ensuring advanced corporate-wide security solutions are ready to protect our enterprise.

1. Plan, coordinate, and execute red team exercises to identify vulnerabilities, control gaps, and potential attack vectors in Centene information systems on-prem and in cloud environments

2. Develop and refine supporting processes for all red team activities, including standard operating procedures and playbooks

3. Research and experiment with new tools and methodologies to improve the Red Team’s capabilities

4. Well-versed with security tools & C2 frameworks

5. Ability to lead / plan / operate all phases of a red team engagement

6. Strong understanding of the exploitation of Microsoft platforms used in the enterprise environment such as Windows Server, Windows 10/11, Active Directory, Certificate Services, Azure, etc.

7. As the Red Team, participate in quarterly purple team exercises, sharing insights and knowledge to improve overall security posture

8. Ability to work cooperatively and professionally with co-workers, customers, and management daily, either remotely or in person

9. Provide mentorship for Red Team Operators I and II

10. Performs other duties as assigned

11. Complies with all policies and standards

Key Responsibilities:

1. Conduct advanced red team exercises

2. Analyze and develop malware

3. Design phishing campaigns

4. Perform comprehensive OSINT

5. Deploy offensive security tools

6. Bypass EDR/XDR solutions

Technical Skills:

1. 3+ years hands-on technical red team, pen test, or purple team

2. Hands-on experience with using, modifying, and customizing penetration testing and red teaming software to meet operational requirements

3. Experience in professionally delivering technical and executive-level red team reports and briefings

4. Ability to independently research new vulnerabilities in software products

5. Familiar with fundamentals of software exploitation on modern operating systems and cloud environments. Expertise in working with Nessus, Nmap, and other network pen testing tools.

6. Perform social engineering assessments (email phishing, vishing, physical access attacks) to simulate the theft of passwords, infiltrate systems, and download malware/ransomware to assess the security awareness and physical security controls of the Organization

7. Strong understanding of offensive security frameworks such as MITRE ATT&CK and defense evasions with firewalls and EDRs.

8. Strong understanding of C2C frameworks and data exfiltration techniques on AD and cloud.

9. Strong understanding of cloud penetration tests or cloud services exploitation, and privilege escalations.

10. Ability to automate and develop enumeration techniques when operating on EDRs, MDRs, and Cloud defenses.

11. Familiarity with Azure AD and AWS IAM attacks is a bonus.

12. Familiar with modifying known exploits and building sample PoCs when asked to work with CVEs.

License/Certification:

Global Information Assurance Certification (GIA…

 
