Offensive Security Analyst
Company
Vanguard
Location
Malvern, PA
Type
Full Time
Job Description
Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that leaders and crew across Vanguard drive faster, stronger, risk-informed decisions.
We are seeking an Offensive Security Analyst with advanced expertise in web application penetration testing to join our team. In this role, you will be responsible for identifying and exploiting security vulnerabilities within web applications, APIs, and cloud environments, helping to protect our organization's assets from sophisticated cyber threats. As a key member of the offensive security team, you will conduct red team operations, simulate attacks, and collaborate with cross-functional teams to improve security posture and mitigate risks. This position demands hands-on experience, technical proficiency, and a strong understanding of the latest vulnerabilities, attack techniques, and exploitation methods.

Responsibilities:
- Perform comprehensive web application penetration testing and vulnerability assessments across internal and external web applications.
- Identify, exploit, and document security vulnerabilities in web applications, APIs, and cloud environments, providing detailed risk assessments and recommendations for remediation.
- Simulate real-world attacks to evaluate application security controls and detect potential threats.
- Collaborate with development and security teams to offer actionable guidance on fixing vulnerabilities and strengthening security posture.
- Prepare detailed penetration testing reports and clearly communicate findings to technical and non-technical stakeholders.
- Continuously research and stay current on emerging vulnerabilities, security trends, and attack vectors in the web application landscape.
- Assist in security incident response by identifying and analyzing vulnerabilities that may be exploited during an attack.
- Conduct threat modeling and provide input on security requirements for application development.
- Develop and maintain custom scripts and tools to enhance penetration testing efforts.
- Mentor junior security team members and contribute to the overall knowledge base of the security team.
Qualifications:
- Proven experience in web application penetration testing, with a strong background in identifying vulnerabilities, performing manual testing, and using automated tools.
- Deep understanding of web application security concepts, including OWASP Top 10, secure coding practices, authentication and authorization mechanisms, session management, and input validation.
- Proficiency in using security tools such as Burp Suite, OWASP ZAP, Metasploit, and other custom scripts for penetration testing.
- Strong knowledge of web technologies such as HTML, JavaScript, CSS, AJAX, and HTTP/HTTPS protocols.
- Hands-on experience with exploiting common web vulnerabilities like SQL injection, XSS, CSRF, SSRF, RCE, XXE, and IDOR.
- Familiarity with security testing methodologies, frameworks, and standards (e.g., OWASP, PTES, NIST, MITRE ATT&CK).
- Strong scripting and programming skills (e.g., Python, JavaScript, Bash, PowerShell) to develop custom exploits and automate tasks.
- Strong analytical and problem-solving skills, with the ability to think like an attacker and identify creative ways to exploit vulnerabilities.
Preferred Certifications:
- Offensive Security Certified Professional (OSCP)
- Offensive Security Web Assessor (OSWA)
- Offensive Security Web Expert (OSWE)
- GIAC Web Application Penetration Tester (GWAPT)
Additional Skills (Preferred but not Required):
- Experience with cloud environments (AWS, Azure, GCP) and their security models.
- Familiarity with DevSecOps practices and integrating security into CI/CD pipelines.
- Knowledge of cryptography, secure communication protocols, and encryption standards.
- Experience in red teaming or advanced adversary emulation.
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.
About Vanguard
At Vanguard, we don't just have a mission; we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
Our commitment to diversity, equity, and inclusion
Vanguard's commitment to diversity, equity, and inclusion (DEI) is central to our ability to deliver on our mission. We aspire to create a work environment that is inclusive, equitable, and diverse, one that enables our employees, whom we call crew, to thrive and bring their best selves to work every day on behalf of our clients.
Cultivating DEI lifts our entire organization, and everyone shares accountability for our progress, from our senior leaders who lay the foundation and set the example for inclusive behaviors to crew who are growing in their personal DEI learning experiences.
Together, we're on a mission. We are fueled by the value of diverse voices and connected through friendships and a culture of care for our clients, our communities, and each other.
Vanguard's DEI journey has no finish line. Our commitment is enduring, and we remain focused on the path ahead. To learn more about Vanguard goals and progress toward DEI, download our Diversity, Equity, and Inclusion Report.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
Date Posted
12/04/2024