Offensive Security Analyst

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it , our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage an d passion to drive life-changing impact to ZS.
Our most valuable asset is our people .
At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems-the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.
Offensive Security Analyst
We are looking for a professional to join us as an Offensive Security Analyst in our Pune, India office. This professional will be responsible for conducting penetration tests and security assessments across cloud and on-premises environments. This role requires good technical expertise, out-of-box thinking, and effective communication skills to proactively identify, communicate and address security risks.
What you'll do:

• Typical daily work will consist of planning and performing penetration tests on cloud-based and on-premises infra & applications to identify security weaknesses and loopholes
• Support the penetration testing lifecycle-from information gathering and vulnerability scanning to manual exploitation and documentation
• Collaborate closely with the vulnerability management team to validate exploitable vulnerabilities and help prioritize remediation
• Collaborate with infra owners, developers, business teams to understand applications and infrastructure and provide practical, remediation-focused security advice
• Help create clear, actionable penetration testing reports including proof-of-concept, risk ratings, and remediation guidance
• Developing and testing custom exploits to demonstrate vulnerabilities and assess the potential impact on systems
• Conduct comprehensive cloud penetration tests targeting AWS, Azure, GCP to identify and exploit misconfigurations, insecure interfaces, and vulnerabilities in cloud services and applications
• Regularly review and enhance penetration testing methodologies and practices to adapt to evolving threats and technologies
• Participate in internal security knowledge-sharing sessions and team meetings to learn from senior testers and share discoveries

What you'll bring:

• Strong foundational understanding of information security principles
• Familiarity with tools such as: Nmap, Burp Suite, OWASP ZAP, Nikto (Web/App Testing) Nessus, OpenVAS, Kali Linux (Infrastructure Scanning), and Metasploit (for controlled exploit validation)
• Basic Knowledge of: OWASP Top 10 web application vulnerabilities
• Common infrastructure weaknesses (e.g., SMB, RDP, DNS, FTP, SMTP issues)
• Authentication and access control issues
• A deep interest in Cyber Security and a drive to learn about penetration testing skills through hands-on practice, research, and community engagement
• Comfort working in command-line environments (Linux shells, Windows CMD/PowerShell) for reconnaissance and exploitation.
• Strong analytical and problem-solving mindset , with the ability to break down complex problems and think creatively
• Eagerness to learn from real-world engagements and senior team members, with a growth mindset and a proactive approach to developing technical depth and practical experience
• Familiarity with secure communication protocols (e.g., HTTPS, SSH, VPNs) and how insecure configurations can be exploited
• Good verbal and written communication skills to clearly explain technical concepts and document findings
• Passion for cybersecurity, demonstrated through CTF participation, cybersecurity clubs, academic projects , personal labs, or platforms like Hack the Box, TryHackMe, or OverTheWire

Good to have skills and abilities:

• Completion of relevant cybersecurity coursework or certifications
• Basic scripting in Python, Bash, or PowerShell for automating tasks or building internal tools
• Understanding of web application architecture (client-server model, HTTP protocol, APIs)
• Awareness of vulnerability disclosure platforms (e.g., CVE database) and responsible reporting practices
• Basic Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System used for scoring vulnerabilities

Academic Qualifications:

• Bachelor's degree in computer science/management of computer information/ Cybersecurity
• 0-2 years of Penetration Testing / Red-Teaming / Offensive Security
• Must have Security Certifications: OSCP / CREST / GPEN / HTB-CPTS
• Security Certifications: CRTP/CARTP, CRTE, CRTO (I & II), OSEP, OSED, GRTP
• Cloud Certifications: AWS CLP, AWS Security Specialty

Perks & Benefits:
ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.
Travel:
Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.
Considering applying?
At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above.
ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.
To Complete Your Application:
Candidates must possess or be able to obtain work authorization for their intended country of employment.An on-line application, including a full set of transcripts (official or unofficial), is required to be considered.
NO AGENCY CALLS, PLEASE.
Find Out More At:
www.zs.com