Cyber Exposure & Security Testing Analyst

The Cyber Exposure & Security Testing Analyst is responsible for identifying, analyzing, and validating cyber risks affecting complex and globally distributed digital ecosystems. This is a multidisciplinary role that combines cyber threat intelligence, external attack surface discovery, open-source intelligence (OSINT), and controlled security testing to provide a unified and context-aware understanding of an organization's external cyber exposure.

The analyst will investigate digital footprints, monitor underground cyber ecosystems for targeted threats, discover internet-facing assets, and perform controlled, safety-aware security testing to validate exposure pathways. The environments assessed may include enterprise infrastructure, cloud services, automation platforms, connected devices, remote access environments, and vendor ecosystems across multiple industries.

This is an investigative role for a curious and analytical security professional who is driven to uncover not just vulnerabilities, but the complete attack chain — from attacker reconnaissance through to the realistic impact of a potential breach. The role works closely with system integrators, infrastructure teams, and clients to produce intelligence that is actionable, contextually accurate, and clearly communicated. Analysts in this role are expected to think like adversaries, understanding how attackers discover, evaluate, and exploit exposed systems in real-world environments.

ROLE FOCUS

This role is intelligence-first and testing-second, but both capabilities are essential. The primary skill set is analytical — the ability to gather, correlate, and contextualize intelligence from multiple sources. Security testing is used to validate intelligence findings and confirm real-world exposure risk, rather than serving as the sole output of the role.

KEY RESPONSIBILITIES

Threat Intelligence Monitoring: Monitor global cyber threat intelligence sources to identify threats affecting connected environments and digital infrastructure.

Activities include:

  • monitoring underground forums, marketplaces, and credential trading communities
  • tracking initial access broker activity
  • analyzing breach intelligence datasets and credential leaks
  • monitoring infostealer malware logs
  • identifying emerging threats targeting internet-exposed systems

Intelligence sources may include open-source intelligence platforms, internet telemetry datasets, breach intelligence repositories, and security research communities. The analyst will produce periodic intelligence briefings summarising relevant risks and trends in a format accessible to both technical and non-technical stakeholders.

External Attack Surface Discovery

Identify and map all internet-visible infrastructure associated with monitored environments. Activities include:

  • discovering domains and subdomains
  • mapping exposed IP infrastructure
  • identifying exposed services and administrative interfaces
  • monitoring certificate transparency logs
  • conducting passive DNS analysis
  • identifying exposed cloud services and SaaS platforms
  • detecting shadow IT, forgotten assets, and infrastructure introduced through third-party integrations

The analyst will analyse attacker discovery pathways and potential exploitation vectors to develop a realistic view of the organisation’s external exposure.

Security Testing & Exposure Validation

Conduct controlled and non-disruptive security testing to validate the real-world risk of exposures identified through intelligence monitoring and attack surface discovery. Activities include:

  • reconnaissance and infrastructure discovery
  • identification and validation of vulnerabilities and security misconfigurations
  • validation of exposed services and authentication mechanisms
  • verification of publicly accessible attack pathways

All testing activities are performed within defined scope and authorisation, with priority given to operational safety. Particular care is taken when assessing production environments where operational continuity and safety are critical.

Digital Footprint & OSINT Investigation

Investigate the digital footprints of organisations and individuals connected to monitored environments. Activities include:

  • open-source intelligence research
  • digital footprint mapping
  • corporate entity identification
  • identity exposure analysis
  • correlation of public intelligence with discovered infrastructure

This contextual intelligence improves the accuracy and relevance of exposure analysis.

Identity Exposure & Credential Intelligence

Identify indicators of potential identity compromise affecting monitored personnel, vendors, or organizations. Activities include:

  • breach intelligence monitoring
  • credential reuse analysis
  • detection of exposed authentication tokens
  • correlation of identity exposure with potential access pathways

All findings are validated before escalation to minimise false positives.

CORE COMPETENCIES & TECHNICAL FOUNDATIONS

Candidates should demonstrate practical capability in the following areas through professional work, independent research, or a combination of both.

Threat Intelligence Analysis

Experience analysing cyber threats from sources such as underground forums, breach datasets, and threat intelligence feeds. Ability to distinguish signal from noise and produce concise, actionable intelligence summaries.

Attack Surface Discovery

Experience discovering and mapping external infrastructure using techniques such as:

  • internet scanning platforms
  • passive DNS analysis
  • certificate transparency monitoring
  • infrastructure reconnaissance

Ability to identify exposed services, misconfigured interfaces, and shadow IT assets.

OSINT Investigation

Ability to conduct open-source intelligence investigations to map digital footprints, identify corporate structures, and gather contextual intelligence about organisations and individuals. Familiarity with OSINT frameworks and investigative methodologies.

Security Testing & Validation

Experience identifying and validating vulnerabilities and misconfigurations across web services, exposed infrastructure, and authentication mechanisms. Strong understanding of safe, non-disruptive testing methodologies.

Technical Foundations

Strong understanding of:

  • DNS architecture
  • IP networking
  • web application fundamentals
  • cloud service infrastructure

Ability to interpret certificate data, infrastructure configurations, and network behaviour.

Analytical & Communication Skills

Ability to:

  • correlate intelligence from multiple sources
  • identify emerging cyber risk patterns
  • translate technical findings into clear risk narratives
  • communicate complex issues to non-technical stakeholders

Strong written communication is essential.

CERTIFICATION

Certifications such as OSCP, GIAC GPEN, GXPN, or CREST CCT are highly preferable. For the right candidate, we are ready to sponsor.

PREFERRED TECHNICAL BACKGROUND

The following technical exposures are advantageous but not required:

  • connected devices and IoT ecosystems
  • automation or control environments
  • satellite or remote connectivity infrastructure
  • cloud and SaaS security exposure analysis
  • vendor access ecosystems and supply chain risk

Experience with scripting or automation (Python, Bash, or similar) for reconnaissance or intelligence processing is beneficial.

RESEARCH PORTFOLIO & EVIDENCE OF WORK

Candidates are encouraged to share examples of investigative or technical work demonstrating curiosity and analytical capability. Examples include:

  • security research blogs or technical write-ups
  • OSINT investigations or intelligence reports
  • vulnerability research or attack surface discovery projects
  • GitHub repositories related to security research or automation
  • conference talks, presentations, or training material
  • original tools or scripts for reconnaissance or analysis

Independent research and experimentation are viewed as strong positive indicators.

Job Types: Full-time, Permanent
