Offensive Security Analyst

Minimum Salary: -

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage and passion to drive life-changing impact to ZS.

Our most valuable asset is our people.

• Typical daily work will consist of planning and performing penetration tests on cloud-based and on-premises infra & applications to identify security weaknesses and loopholes
• Support the penetration testing lifecycle-from information gathering and vulnerability scanning to manual exploitation and documentation
• Collaborate closely with the vulnerability management team to validate exploitable vulnerabilities and help prioritize remediation
• Collaborate with infra owners, developers, business teams to understand applications and infrastructure and provide practical, remediation-focused security advice
• Help create clear, actionable penetration testing reports including proof-of-concept, risk ratings, and remediation guidance
• Developing and testing custom exploits to demonstrate vulnerabilities and assess the potential impact on systems
• Conduct comprehensive cloud penetration tests targeting AWS, Azure, GCP to identify and exploit misconfigurations, insecure interfaces, and vulnerabilities in cloud services and applications
• Regularly review and enhance penetration testing methodologies and practices to adapt to evolving threats and technologies
• Participate in internal security knowledge-sharing sessions and team meetings to learn from senior testers and share discoveries

• Strong foundational understanding of information security principles
• Familiarity with tools such as: Nmap, Burp Suite, OWASP ZAP, Nikto (Web/App Testing) Nessus, OpenVAS, Kali Linux (Infrastructure Scanning), and Metasploit (for controlled exploit validation)
• Basic Knowledge of: OWASP Top 10 web application vulnerabilities
• Common infrastructure weaknesses (e.g., SMB, RDP, DNS, FTP, SMTP issues)
• Authentication and access control issues
• A deep interest in Cyber Security and a drive to learn about penetration testing skills through hands-on practice, research, and community engagement
• Comfort working in command-line environments (Linux shells, Windows CMD/PowerShell) for reconnaissance and exploitation.
• Strong analytical and problem-solving mindset, with the ability to break down complex problems and think creatively
• Eagerness to learn from real-world engagements and senior team members, with a growth mindset and a proactive approach to developing technical depth and practical experience
• Familiarity with secure communication protocols (e.g., HTTPS, SSH, VPNs) and how insecure configurations can be exploited
• Good verbal and written communication skills to clearly explain technical concepts and document findings
• Passion for cybersecurity, demonstrated through CTF participation, cybersecurity clubs, academic projects, personal labs, or platforms like Hack the Box, TryHackMe, or OverTheWire

• Completion of relevant cybersecurity coursework or certifications
• Basic scripting in Python, Bash, or PowerShell for automating tasks or building internal tools
• Understanding of web application architecture (client-server model, HTTP protocol, APIs)
• Awareness of vulnerability disclosure platforms (e.g., CVE database) and responsible reporting practices
• Basic Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System used for scoring vulnerabilities

• Bachelor's degree in computer science/management of computer information/Cybersecurity
• 0-2 years of Penetration Testing / Red-Teaming / Offensive Security
• Must have Security Certifications: OSCP / CREST / GPEN / HTB-CPTS
• Security Certifications: CRTP/CARTP, CRTE, CRTO (I & II), OSEP, OSED, GRTP
• Cloud Certifications: AWS CLP, AWS Security Specialty