Posted 13 June, 2026
Cyber security Analyst
Diverse Lynx
Noida,Uttar Pradesh,201301
Full Time
Reference: 365_569689_23-00170
Key Responsibilities
· Perform manual security testing of web applications and API's hosted in Cloud and on-premises infrastructure.
· Perform manual security testing of Thick Client / Desktop Apps using re-engineering techniques via tools like Echo Mirage, IDAPro, CFF Explorer, Dnspy, MS sys-internals, Wireshark, dotpeek, ghidra.
· Perform manual security testing of Mobile applications build for Android, IOS platform using tools like GenyMotion, Drozer, MobSF, Android Studio.
· Install, configure, use and maintain scanning and testing tools used for testing web apps/ API's/ Thick client/ mobile apps.
· Knowledge/Experience of working with Burp Suite.
· Manually verify security vulnerabilities identified by automated tools.
· Should have an understanding of assessing severity of the vulns identified during testing based on the CVSS scoring mechanism
· Meet with application team to collect information and determine scope of testing
· Provide status and resolve issues that impact testing as required
· Document identified security vulnerabilities and related matters in a clear, concise and timely manner.
· Meet with the application teams to review, describe and explain identified security vulnerabilities and possible remediation.
· Retest application updates or deployed remediation logic to verify resolution of security vulnerabilities.
Qualifications:
· 6-7 Years of Experience in Web Application, Web API Penetration Testing, Thick client Testing, Mobile application testing, ideally in Finance Domain.
· Experience in conducting security assessment of AWS components such as S3 buckets, EC2 instances, Lambda functions, SNS etc ) being used by the cloud hosted applications
· Experience using Burp Suite & OWASP ZAP & other tools required to conduct security testing of Thick client apps and mobile apps.
· Sound knowledge of common web application security vulnerabilities (OWASP Top Ten, SANS Top 25, etc.) and programming patterns that lead to them, as well as remediation techniques.
· Working knowledge of authentication and identity management technologies.
· Strong interpersonal and communication skills; ability to work in a team environment
· Ability to work independently with minimal direction; self-starter/self-motivated
Additional Information:
Plus/Good to Have
· Professionally recognized certifications in a security-related field like CEH.
· Sound Knowledge of Network Protocols.
· Advanced programming abilities in Python (Strongly Preferred) or similar programming language
· Experience in Static Application Security Testing (SAST)
· Experience with threat modeling, security design reviews, and security architecture is a plus.
· Experience with enterprise applications (architecture, development, support, and troubleshooting)
· Perform manual security testing of web applications and API's hosted in Cloud and on-premises infrastructure.
· Perform manual security testing of Thick Client / Desktop Apps using re-engineering techniques via tools like Echo Mirage, IDAPro, CFF Explorer, Dnspy, MS sys-internals, Wireshark, dotpeek, ghidra.
· Perform manual security testing of Mobile applications build for Android, IOS platform using tools like GenyMotion, Drozer, MobSF, Android Studio.
· Install, configure, use and maintain scanning and testing tools used for testing web apps/ API's/ Thick client/ mobile apps.
· Knowledge/Experience of working with Burp Suite.
· Manually verify security vulnerabilities identified by automated tools.
· Should have an understanding of assessing severity of the vulns identified during testing based on the CVSS scoring mechanism
· Meet with application team to collect information and determine scope of testing
· Provide status and resolve issues that impact testing as required
· Document identified security vulnerabilities and related matters in a clear, concise and timely manner.
· Meet with the application teams to review, describe and explain identified security vulnerabilities and possible remediation.
· Retest application updates or deployed remediation logic to verify resolution of security vulnerabilities.
Qualifications:
· 6-7 Years of Experience in Web Application, Web API Penetration Testing, Thick client Testing, Mobile application testing, ideally in Finance Domain.
· Experience in conducting security assessment of AWS components such as S3 buckets, EC2 instances, Lambda functions, SNS etc ) being used by the cloud hosted applications
· Experience using Burp Suite & OWASP ZAP & other tools required to conduct security testing of Thick client apps and mobile apps.
· Sound knowledge of common web application security vulnerabilities (OWASP Top Ten, SANS Top 25, etc.) and programming patterns that lead to them, as well as remediation techniques.
· Working knowledge of authentication and identity management technologies.
· Strong interpersonal and communication skills; ability to work in a team environment
· Ability to work independently with minimal direction; self-starter/self-motivated
Additional Information:
Plus/Good to Have
· Professionally recognized certifications in a security-related field like CEH.
· Sound Knowledge of Network Protocols.
· Advanced programming abilities in Python (Strongly Preferred) or similar programming language
· Experience in Static Application Security Testing (SAST)
· Experience with threat modeling, security design reviews, and security architecture is a plus.
· Experience with enterprise applications (architecture, development, support, and troubleshooting)
