Offensive Security Analyst – Penetration Testing & Red Team

About the role

SecurityHQ is seeking an Offensive Security Analyst to perform advanced security assessments across web, mobile, API and authentication protocols. The role involves penetration testing, source code reviews, red‑team operations and adversary emulation on diverse infrastructures.

Key responsibilities

• Conduct security assessments on authentication protocols, web, mobile and API (REST/SOAP/GraphQL) applications.
• Perform source code reviews for applications written in multiple languages.
• Execute penetration tests on public and private network infrastructure assets.
• Carry out adversary emulation and red‑team exercises both internally and externally.
• Develop testing scripts and procedures to meet comprehensive assessment requirements.
• Produce executive and technical reports with actionable recommendations.
• Create methodology documents and pre‑engagement questionnaires for penetration testing and vulnerability assessment projects.

Required profile

• Minimum 2 years of professional experience in application penetration testing.
• Bachelor’s degree in Computer Science, IT, Electronics Engineering, MCA or equivalent.
• Relevant certifications such as PortSwigger BSCP, OffSec OSCP, TCM PNPT, HTB CPTS or HTB CWEE are preferred.

Required skills

• Web, mobile and API security testing (REST, SOAP, GraphQL).
• Source code review across multiple programming languages.
• Penetration testing of network infrastructure.
• Red‑team operations and adversary emulation.
• Scripting and development (e.g., Python, Bash).
• CI/CD pipeline security and integration into DevOps workflows.
• Cloud security assessments (AWS, Azure, GCP).
• Active Directory exploitation.
• Malware development and defense evasion techniques.
• Bug bounty hunting experience.