Conduct in-depth penetration testing of cloud environments (AWS, Azure, GCP), focusing on identifying complex vulnerabilities and security misconfigurations.
Perform penetration testing of containerized applications (Docker, Kubernetes) and serverless architectures.
Develop and execute custom penetration testing methodologies and tools to simulate real-world attacks.
Expertise in manual penetration testing techniques and the use of advanced offensive security tools (Burp Suite, Cobalt Strike, Metasploit, etc.).
Utilize commercial security tools such as Checkmarx, Invicti, and Synopsys for static and dynamic analysis.
Familiarity with security frameworks and approaches such as SAST, DAST, fuzzing, property-based testing, symbolic execution, and network simulation.
Perform comprehensive security assessments of RESTful and other API architectures.
Demonstrated ability to identify and exploit vulnerabilities in API authentication and authorization mechanisms.
Perform security testing for distributed systems and microservices.
Expert knowledge of hacking authentication methods such as OAuth, SAML, and JWT.
Knowledge of macOS and Windows Active Directory systems and their security implications.
Deep understanding of Linux operating systems and their security implications.
Ability to analyze and understand complex software architectures and codebases.
Work closely with software engineers to provide security guidance and recommendations.
Basic knowledge of Python or Go programming languages for scripting and tool development.
Collaborate effectively with cross-functional teams, including software engineers, cloud architects, and security professionals.
Communicate security findings and recommendations clearly and concisely to both technical and non-technical audiences.
Stay up-to-date on the latest cloud security threats, vulnerabilities, and attack techniques.
Conduct security research and develop new penetration testing methodologies.
Have experience in threat modelling, red/blue teaming, working with best-in-class independent engineering teams.
Nice-to-Have:
Administer and optimize Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) tools.
Configure and maintain cloud security tools and platforms to ensure continuous monitoring and threat detection.
Work with Infrastructure as Code tools such as Terraform and CloudFormation to ensure secure cloud deployments.
Configure, deploy, and maintain Web Application Firewalls (WAF) in production and development environments.
BA or BSc in Computer Science, Information Security, or a related field.
6+ years of experience in penetration testing, with a strong focus on cloud security.
Expert-level knowledge of cloud platforms (AWS, Azure, GCP) and their security services.
Proven experience in API security testing and authentication hacking.
Strong understanding of Linux, macOS, and Windows Active Directory operating systems and software development practices.
Proficiency in using penetration testing tools and frameworks, including commercial tools like Checkmarx, Invicti, and Synopsys.
Excellent communication and collaboration skills.
Deep understanding of the MITRE ATT&CK framework.
Experience working in a software development environment.
Nice-to-Have:
Relevant security certifications (e.g., OSCP, OSCE, GPEN, GWAPT).
Experience with CSPM and SSPM tools.
All your information will be kept confidential according to EEO guidelines.
Arista Networks is an equal opportunity employer. Arista makes all hiring and employment-related decisions in a non-discriminatory manner without regard to race, color, religion, sex, sexual orientation, gender identity, national origin or any other factor determined to be unlawful under applicable federal, state, or local law.
Join Arista Networks as an IT Security Analyst in sunny Santa Clara, CA, where your expertise will help safeguard our cloud environments and applications. In this role, you'll conduct in-depth penetration testing of leading cloud platforms like AWS, Azure, and GCP, pinpointing complex vulnerabilities and misconfigurations. You'll also delve into containerized applications, working with technologies like Docker and Kubernetes, while developing custom methodologies that mimic real-world attacks. Your mastery of manual penetration testing techniques and advanced tools such as Burp Suite, Cobalt Strike, and Metasploit will be crucial. You'll utilize commercial tools for static and dynamic analysis, and ensure RESTful APIs are thoroughly assessed for vulnerabilities, particularly regarding authentication and authorization. Collaboration is key, so you'll work closely with software engineers and other security professionals, clearly communicating findings and recommendations to both technical and non-technical teams. Stay on the cutting edge of the latest cloud security threats, conduct research, and help shape the field of penetration testing. With a strong focus on innovation and teamwork, this is your chance to make a real impact in cloud security while enjoying a vibrant workplace culture. Come help us fortify our digital world at Arista Networks!
Arista Networks is an industry leader in cognitive cloud networking for mission-critical data center and campus environments. Arista’s award-winning platforms deliver availability, agility, automation analytics and security through CloudVision® an...