Senior Information Security Analyst/Penetration Tester

Title: Senior Information Security Analyst/Penetration Tester

Location: New York City, NY - hybrid (NOT remote)

Compensation: $170,000 - $190,000 base salary + bonus

Work authorization: Applicants must be currently authorized to work in the United States on a full-time basis. The company is unable to sponsor or take over sponsorship of employment visas at this time or in the future.

Glocomms have been partnered with a leading US law firm to build out their IT and Security team based in NYC. The company is seeking a seasoned cybersecurity professional to join its team as a Senior Information Security Analyst to play a pivotal role in defending the organization's digital assets through proactive monitoring, vulnerability assessments, and penetration testing. The ideal candidate will be deeply involved in identifying threats, evaluating system weaknesses, and implementing protective measures. This position also supports broader security initiatives and contributes to the development and maintenance of the firms security infrastructure.

Primary Responsibilities:

• Continuously monitor and analyze security alerts and logs from various sources including SIEM, endpoint protection, intrusion detection/prevention systems, firewalls, and user-generated reports.
• Execute both automated and manual penetration tests across multiple environments-web, cloud, network, and mobile-to uncover exploitable vulnerabilities.
• Emulate adversarial tactics to assess the resilience of systems and validate the impact of potential threats.
• Build and maintain scripts and automation tools to streamline testing processes and verify remediation efforts.
• Collaborate on red team simulations, threat modeling exercises, and integrated purple team operations.
• Support the upkeep and optimization of existing security technologies, including antivirus platforms, SIEM tools, network access controls, and endpoint protection systems.
• Enhance detection capabilities and contribute to the design of a robust continuous monitoring framework.
• Partner with cross-functional teams to align security efforts with organizational goals.

Required Expertise and Skills:

• In-depth understanding of network protocols, system vulnerabilities, attack methodologies, and threat actor behaviors.
• Hands-on experience in ethical hacking, penetration testing, or offensive security engagements.
• Familiarity with security frameworks and standards such as OWASP Top 10, MITRE ATT&CK, and CVSS.
• Proficiency with industry-standard tools like Burp Suite, Metasploit, Nmap, Nessus, Kali Linux, and BloodHound.
• Competence in scripting languages (e.g., Python, PowerShell) for automation and custom testing.
• Strong grasp of operating systems (Windows/Linux), networking fundamentals, and application security principles.
• Experience with cloud platforms (AWS, Azure, GCP) and associated security practices.
• Knowledge of mobile application security and threat modeling for iOS and Android platforms is advantageous.
• Participation in cybersecurity competitions or Capture The Flag (CTF) events is a plus.
• Analytical mindset with the ability to perform root cause analysis and articulate findings clearly.
• Excellent communication skills and the ability to work independently and collaboratively.
• Eagerness to learn and adapt in a fast-paced, evolving security landscape.

Qualifications:

• Bachelor's degree in cybersecurity, computer science, or a related discipline.
• At least 7 years of professional experience in information security.
• Certifications such as OSCP, GPEN, or OSEP are highly valued.
• Additional credentials like CISSP, CEH, CISA, or GIAC are considered beneficial.