Lead Analyst - Penetration Tester at Sysco LABS Sri Lanka

Role Overview

The Lead Analyst - Penetration Tester at Sysco LABS Sri Lanka is a critical role within Sysco's Corporate Cybersecurity organization. This position is responsible for leading offensive security testing across a wide range of platforms, including web applications, APIs, cloud environments (Azure, AWS, GCP), and internal enterprise systems. As a senior individual contributor, the Lead Analyst will leverage their extensive experience in penetration testing to uncover complex attack paths and collaborate closely with various security teams, such as Application Security, Cloud Security, Vulnerability Management, and Threat Hunting. This role requires a deep understanding of security principles, excellent technical skills, and the ability to communicate effectively with both technical and non-technical audiences. A balanced work schedule will be maintained, accounting for any planned evening or weekend testing of production environments with compensatory time off.

A Day in the Life

A typical day for the Lead Analyst - Penetration Tester might involve the following: * **Morning:** Start the day by reviewing the latest security news and threat intelligence reports to stay informed about emerging vulnerabilities and attack techniques. Prioritize penetration testing tasks based on risk and business impact. * **Mid-day:** Conduct manual penetration testing of a web application, using tools like Burp Suite and Veracode to identify vulnerabilities such as SQL injection, cross-site scripting (XSS), and authentication flaws. Analyze the application's architecture and code to understand potential attack vectors. * **Afternoon:** Collaborate with the Application Security team to discuss findings and recommend remediation strategies. Write a detailed penetration testing report that clearly outlines the vulnerabilities, their potential impact, and the steps needed to fix them. Conduct a security assessment of a cloud environment (e.g., Azure, AWS, GCP) to identify misconfigurations and security weaknesses. * **Late Afternoon:** Participate in a meeting with the Vulnerability Management team to discuss the prioritization of vulnerabilities and track remediation progress. Research and experiment with new penetration testing techniques and tools. Throughout the day, the Lead Analyst will also be involved in mentoring junior penetration testers, developing security training materials, and contributing to the improvement of security processes and procedures.

Why Colombo, Sri Lanka?

Sysco LABS Sri Lanka is located in Colombo, a vibrant and growing city that offers a unique blend of culture, technology, and opportunity. Colombo is a hub for innovation and attracts top talent from across the region. Working at Sysco LABS in Colombo provides the opportunity to be part of a global team while enjoying a high quality of life. The city offers a diverse range of activities and attractions, including beautiful beaches, historical sites, and a thriving culinary scene. Additionally, the cost of living in Colombo is relatively low compared to other major cities, making it an attractive place to live and work.

Career Path

The Lead Analyst - Penetration Tester role offers a clear path for career advancement within Sysco. With experience and demonstrated expertise, the individual can progress to roles such as: * **Senior Penetration Tester:** Focus on leading complex penetration testing projects and mentoring junior team members. * **Security Architect:** Design and implement security solutions for Sysco's infrastructure and applications. * **Security Manager:** Lead a team of security professionals and oversee security operations. * **Director of Cybersecurity:** Develop and execute Sysco's overall cybersecurity strategy. Sysco is committed to providing its employees with opportunities for professional growth and development. The company offers a variety of training programs, mentorship opportunities, and career development resources to help employees achieve their career goals.

Salary & Benefits

Sysco offers a competitive salary and benefits package that is commensurate with experience and qualifications. The salary range for the Lead Analyst - Penetration Tester role is estimated to be between $60,000 and $100,000 USD per year, depending on the candidate's skills and experience. In addition to salary, Sysco offers a comprehensive benefits package that includes: * Health insurance (medical, dental, and vision). * Paid time off (vacation, sick leave, and holidays). * Retirement savings plan with company match. * Employee stock purchase plan. * Life insurance and disability coverage. * Employee assistance program. * Wellness programs and resources. * Tuition reimbursement program.

Sysco Culture

Sysco is a company that values its employees and fosters a culture of teamwork, innovation, and customer focus. The company is committed to providing a diverse and inclusive work environment where all employees feel valued and respected. Sysco also encourages its employees to give back to the community through volunteer opportunities and charitable giving programs.

How to Apply

Interested candidates are encouraged to apply online through the Sysco careers website. The application process typically involves submitting a resume and cover letter, completing an online assessment, and participating in interviews with the hiring manager and other members of the team.

Frequently Asked Questions (FAQ)

**Q1: What are the key skills and qualifications for this role?** A1: The key skills and qualifications include a bachelor's degree in Computer Science, Cybersecurity, or a related field, 5+ years of experience in penetration testing, experience leading penetration testing projects, deep understanding of web application vulnerabilities, hands-on experience with penetration testing tools, and excellent communication skills. **Q2: What is the work environment like at Sysco LABS Sri Lanka?** A2: Sysco LABS Sri Lanka offers a collaborative and innovative work environment. Employees have the opportunity to work on challenging projects and contribute to the success of a global company. **Q3: What is the career path for this role?** A3: The Lead Analyst - Penetration Tester role offers a clear path for career advancement within Sysco. With experience and demonstrated expertise, the individual can progress to roles such as Senior Penetration Tester, Security Architect, Security Manager, and Director of Cybersecurity. **Q4: What benefits does Sysco offer?** A4: Sysco offers a comprehensive benefits package that includes health insurance, paid time off, a retirement savings plan with company match, an employee stock purchase plan, life insurance, disability coverage, an employee assistance program, and wellness programs. **Q5: What is the interview process like?** A5: The interview process typically involves submitting a resume and cover letter, completing an online assessment, and participating in interviews with the hiring manager and other members of the team. **Q6: What tools are primarily used?** A6: Veracode, Burp Suite are the primary tools. Candidates should also be familiar with Metasploit, Nmap, and other common penetration testing tools. **Q7: Does Sysco support professional development?** A7: Yes, Sysco is committed to providing its employees with opportunities for professional growth and development. The company offers a variety of training programs, mentorship opportunities, and career development resources. **Q8: Is there flexibility in working hours?** A8: The role requires occasional evening or weekend testing, with compensatory time off provided to maintain a sustainable work schedule. Sysco strives to offer flexible work arrangements where possible. **Q9: What is the company culture like?** A9: Sysco fosters a culture of teamwork, innovation, and customer focus. The company is committed to providing a diverse and inclusive work environment. **Q10: How does Sysco contribute to the community?** A10: Sysco encourages its employees to give back to the community through volunteer opportunities and charitable giving programs.