Hey Guys, I have an opening to share with you.
Dassault Systèmes, the 3DEXPERIENCE Company, is a catalyst for human progress. We provide business and people with collaborative virtual environments to imagine sustainable innovations. By creating ‘virtual experience twins’ of the real world with our 3DEXPERIENCE platform and applications, our customers push the boundaries of innovation, learning and production. We are seeking a skilled Cyber Security Analyst - Penetration Testing to join our cybersecurity team.
Role Description & Responsibilities
This role involves evaluating and enhancing the security of cloud environments by identifying vulnerabilities, simulating cyberattacks, and providing actionable recommendations. The ideal candidate will have deep expertise in web applications vulnerabilities, cloud platforms (AWS, OWS, Azure, GCP) and strong penetration testing methodologies to ensure our cloud infrastructure remains secure against evolving threats.
• Vulnerability Assessment
• Perform in-depth vulnerability assessments of cloud platforms, applications, and associated services.
• Cloud Penetration Testing
• Conduct simulated attacks on cloud environments, including testing virtual machines, containers, APIs, server-less functions, and network configurations.
• Threat Modeling
• Analyze potential attack vectors in cloud architectures to prioritize high-risk areas.
• Security Validation
• Evaluate compliance with cloud security frameworks (e.g., CIS, NIST, ISO 27001).
• Automation
• Develop and utilize scripts, tools, and automated processes to streamline penetration testing workflows.
• Reporting
• Provide detailed technical and executive-level reports, including identified vulnerabilities, risk assessments, and recommended mitigations.
• Collaboration
• Work closely with Development and Operations teams to help them resolve identified issues, and verify the corrections.
• Research & Innovation
• Stay updated on emerging cloud threats, tools, and techniques; contribute to improving internal testing methodologies.
Qualifications
- Educational Background:
Bachelor’s degree in Computer Science, Information Security, or related field.
Relevant certifications (preferred): OSCP, CEH, GWAPT, or equivalent.
- Technical Expertise:
Strong understanding of web technologies (HTTP, HTML, JavaScript, APIs, etc.) and frameworks (React, Angular, Django, etc.).
Knowledge of security protocols, cryptographic standards, and authentication mechanisms.
Familiarity with OWASP Top 10, MITRE CWE Top 25, and other relevant security frameworks.
- Experience:
2-5 years of hands-on experience in penetration testing or application security.
Proven experience in identifying and exploiting vulnerabilities in web applications.
- Soft Skills:
Strong problem-solving and analytical skills.
Excellent communication skills to articulate technical findings to non-technical stakeholders.
Ability to work both independently and as part of a team.
- Preferred Skills:
Experience with web application security testing.
Familiarity with cloud-based environments (AWS, Azure, GCP) and their security nuances.
Knowledge of secure development practices (e.g., DevSecOps).
- Familiarity with various hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark, etc..)
- Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities.
- Proficiency in assessing web applications for common vulnerabilities like SQL injection, XSS, CSRF, SSRF and more.
- Proficiency in exploiting vulnerabilities and assess the impact of attacks and understanding of vulnerability scoring systems (e.g., CVSS)
- Ability to work independently and document proof of concepts (POCs), assessments, detailed evaluations report etc.
- Ability to think creatively and analytically to identify and exploit vulnerabilities. Effective problem-solving skills when encountering unexpected challenges during testing.
- High level of attention to detail and accuracy in documentation and reporting
What’s in it for you
- Work in a culture of collaboration and innovation
- Ensure knowledge sharing within the development team and encourage introduction of new technologies
- Proactively optimize development processes and suggest new ideas
