Information Technology Security Analyst
We are seeking a skilled IT Security Analyst with a strong background in application penetration testing to help protect and strengthen the enterprise application ecosystem. This role will serve as a key liaison between internal development teams and external security testing partners, ensuring vulnerabilities are identified, remediated, and validated effectively.

Required Qualifications
- 5–7 years of experience in IT security, with a focus on application security and penetration testing.
- Strong understanding of application penetration testing methodologies and tools.
- Deep familiarity with OWASP Top 10 vulnerabilities and mitigation techniques.
- Experience working with external security vendors and managing testing engagements.
- Ability to interpret technical findings and communicate risks to both technical and non-technical stakeholders.
- Experience collaborating with application development teams in Agile or similar environments.

Preferred Qualifications
- Hands-on penetration testing experience (web and/or API testing preferred).
- Relevant certifications such as CEH, OSCP, GWAPT, or similar.
- Familiarity with secure SDLC practices and DevSecOps methodologies.
- Experience with vulnerability management platforms and ticketing systems.

Skills
- Application Security and Penetration Testing
- OWASP Vulnerability Analysis
- Risk Assessment and Remediation Tracking
- Cross-functional Collaboration
- Communication and Stakeholder Management

Key Responsibilities
- Manage the end-to-end application penetration testing lifecycle, including planning, scheduling, execution, and retesting.
- Coordinate with third-party penetration testing vendors and internal application development teams.
- Review and validate penetration testing results, ensuring findings are accurate, prioritized, and actionable.
- Track remediation efforts and conduct or coordinate retesting of resolved vulnerabilities.
- Provide expert guidance to application developers on secure coding practices and vulnerability remediation.
- Advise leadership on application security risks, trends, and mitigation strategies.
- Ensure alignment with industry standards such as OWASP Top 10 and secure development best practices.
- Maintain documentation of findings, risk assessments, and remediation status.