We are seeking an

　　experienced Senior Security Analyst to join our IT Security and Compliance

　　team. The ideal candidate will have a strong cyber security mindset,

　　encompassing various domains of cybersecurity. This role will primarily focus

　　on network penetration testing and will require expertise in a range of network

　　penetration testing tools, both for on-premise and cloud-based applications

　　across AWS, GCP, and Azure environments.

　　Responsibilities:

　　Plan and execute comprehensive network penetration tests to identify vulnerabilities in our on-premise and cloud-based systems, applications, and network infrastructure.

　　Utilize a variety of network penetration testing tools, including but not limited to Nmap, Wireshark, Metasploit, Burp Suite, Nessus, Qualys, and OWASP ZAP.

　　Assess the security of cloud-based environments (AWS, GCP, Azure) by conducting penetration tests specific to native services and configurations.

　　Perform security assessments on public-facing interfaces, applications, and services to identify potential vulnerabilities.

　　Conduct Red/Blue teaming exercises to assess the organization's overall security posture.

　　Analyze and report findings, providing actionable recommendations and risk assessments.

　　Develop and maintain standardized test methodologies and procedures.

　　Keep abreast of emerging threats and vulnerabilities and apply this knowledge to improve security practices.

　　Requirements:

　　Proficiency in network penetration testing methodologies and tools, including Nmap, Wireshark, Metasploit, Burp Suite, Nessus, Qualys, and OWASP ZAP.

　　Strong knowledge of cloud security concepts, especially in AWS, GCP, and Azure environments would be a plus.

　　Familiarity with scripting languages (e.g., Python, PowerShell) for custom tool development and automation.

　　Deep understanding of network protocols, security technologies, and encryption.

　　Ability to prioritize vulnerabilities based on risk and potential impact.

　　Experience with network security assessments of on-premise and cloud-based applications.

　　Competency in conducting vulnerability scans using automated tools for both on-premise and cloud environments.

　　Strong analytical and problem-solving skills with attention to detail.

　　Excellent communication skills to convey technical findings and recommendations effectively.

　　Relevant certifications such as CEH, OSCP, CISSP, GIAC/GPEN or equivalent are a plus.

　　Continuously assess the security of on-premise and cloud-based applications through regular penetration testing.

　　Identify and report vulnerabilities, providing guidance on remediation.

　　Collaborate with cross-functional teams to ensure cloud environments are secure and compliant.

　　Monitor and evaluate security controls in AWS, GCP, and Azure environments.

　　Participate in incident response activities, including forensic analysis and containment measures from different penetration testing methodologies.

　　#LI-OnSite

　　Equal Employment Opportunity has been, and will continue to be, a fundamental commitment at Cornerstone OnDemand. All qualified applicants are given consideration regardless of race, color, gender, age, sexual orientation, national origin, marital status, citizenship status, disability, veteran status, or any other protected class as provided in applicable Federal, State, or Local fair employment laws. If you have a disability or special need that requires accommodation, please contact us at [email protected]