Position Title: Offensive Security Analyst

About Us:
Emin Labs is a leading provider of advanced cybersecurity services, including MDR (Managed Detection and Response), cybersecurity consultancy, and red team, malware, and forensic support. Our team partners with multiple IT companies to provide both short- and long-term talent solutions. We pride ourselves on offering cutting-edge solutions that keep businesses secure against evolving cyber threats. 
At Emin Labs, we empower our team members with a collaborative environment, opportunities for continuous learning, and a focus on career growth. Our commitment extends beyond just securing our clients—we aim to make a positive impact in the communities we serve.

Position Overview:
We are seeking an Offensive Security Analyst with advanced expertise in web application penetration testing to join our team. In this role, you will be responsible for identifying and exploiting security vulnerabilities within web applications, APIs, and cloud environments, helping to protect our organization’s assets from sophisticated cyber threats. As a key member of the offensive security team, you will conduct red team operations, simulate attacks, and collaborate with cross-functional teams to improve security posture and mitigate risks. This position demands hands-on experience, technical proficiency, and a strong understanding of the latest vulnerabilities, attack techniques, and exploitation methods.

Responsibilities:

• Perform comprehensive web application penetration testing and vulnerability assessments across internal and external web applications.
• Identify, exploit, and document security vulnerabilities in web applications, APIs, and cloud environments, providing detailed risk assessments and recommendations for remediation.
• Simulate real-world attacks to evaluate application security controls and detect potential threats.
• Collaborate with development and security teams to offer actionable guidance on fixing vulnerabilities and strengthening security posture.
• Prepare detailed penetration testing reports and clearly communicate findings to technical and non-technical stakeholders.
• Continuously research and stay current on emerging vulnerabilities, security trends, and attack vectors in the web application landscape.
• Assist in security incident response by identifying and analyzing vulnerabilities that may be exploited during an attack.
• Conduct threat modeling and provide input on security requirements for application development.
• Develop and maintain custom scripts and tools to enhance penetration testing efforts.
• Mentor junior security team members and contribute to the overall knowledge base of the security team.

Qualifications:

• Proven experience in web application penetration testing, with a strong background in identifying vulnerabilities, performing manual testing, and using automated tools.
• Deep understanding of web application security concepts, including OWASP Top 10, secure coding practices, authentication and authorization mechanisms, session management, and input validation.
• Proficiency in using security tools such as Burp Suite, OWASP ZAP, Metasploit, and other custom scripts for penetration testing.
• Strong knowledge of web technologies such as HTML, JavaScript, CSS, AJAX, and HTTP/HTTPS protocols.
• Hands-on experience with exploiting common web vulnerabilities like SQL injection, XSS, CSRF, SSRF, RCE, XXE, and IDOR.
• Familiarity with security testing methodologies, frameworks, and standards (e.g., OWASP, PTES, NIST, MITRE ATT&CK).
• Strong scripting and programming skills (e.g., Python, JavaScript, Bash, PowerShell) to develop custom exploits and automate tasks.
• Strong analytical and problem-solving skills, with the ability to think like an attacker and identify creative ways to exploit vulnerabilities.

Preferred Certifications:

• Offensive Security Certified Professional (OSCP)
• Offensive Security Web Assessor (OSWA)
• Offensive Security Web Expert (OSWE)
• GIAC Web Application Penetration Tester (GWAPT)

Additional Skills (Preferred but not Required):

• Experience with cloud environments (AWS, Azure, GCP) and their security models.
• Familiarity with DevSecOps practices and integrating security into CI/CD pipelines.
• Knowledge of cryptography, secure communication protocols, and encryption standards.
• Experience in red teaming or advanced adversary emulation.

Why Emin Labs?
At Emin Labs, we value innovation, collaboration, and the drive to stay ahead of the latest cybersecurity challenges. Joining our team means contributing to a dynamic environment where your skills will be put to the test and continuously refined