Sr. Analyst
Nasdaq is continuously revolutionizing markets and undergoing transformations while we adopt new technologies to develop innovative solutions, constantly aiming to rewrite tomorrow. As a Sr. Analyst - Information Security one is expected to perform in-depth security testing, simulate real-world attacks, and provide actionable remediation guidance to strengthen the organization’s security posture using industry best practices and AI.
We are looking for candidates with a genuine desire and drive to deliver top technology solutions to today's markets
With this position we offer
Join the Global Information Security team at Nasdaq. The main objective for the infosec team in Bangalore is to deliver projects for Global Nasdaq to operationalize and maintain the state-of-art security stack. As our new member, you will work with a group of enthusiastic and experienced team members. Together with your team, you will be responsible for Information Security representation and support to development teams.
As Sr. Analyst - Information Security, your focus will be on application security testing. Besides working closely with your colleagues in Bangalore, you will also work closely with Nasdaq teams in other countries.
Role Responsibilities -
- Conduct application penetration testing on web applications, APIs, and backend systems.
- Identify, exploit, and validate vulnerabilities including:
- SQL Injection
- Cross-Site Scripting (XSS)
- Authentication and authorization flaws
- Session management issues
- Parameter tampering and input validation errors
- API and web service vulnerabilities
- Perform both manual and automated security testing using tools such as Burp Suite, OWASP ZAP, and similar platforms.
- Apply OWASP Top 10 and OWASP Testing Guide methodologies during assessments.
- Use CVSS scoring to classify and prioritize vulnerabilities.
- Analyze application behavior to uncover complex vulnerabilities beyond automated scanning.
- Prepare detailed security assessment reports, including:
- Proof of concept (PoC)
- Risk ratings
- Remediation recommendations
- Work closely with development teams to:
- Explain vulnerabilities
- Recommend fixes
- Validate remediation efforts
- Stay updated on emerging threats, exploit techniques, and security trends.
- Maintain documentation of findings, methodologies, and remediation tracking.
We expect you to have: (Minimum Qualifications)
- Overall experience of 2 to 4yrs in Application information Security.
- Secure coding practices across languages (Java, Python, JavaScript)
- Basic scripting skills in Python or Bash for automation
- Degree qualified in Computers Science, Information Systems or other related discipline, or equivalent work experience.
Experience testing modern architectures (APIs, microservices, cloud applications)
It would be great if you (Preferred Qualifications)
- Experience using AI and frontier models during security testing
- An interest in playing capture the flag challenges
Does it sound like you?
As the selection process is ongoing, please submit your application in English as soon as possible. We will get back to you in 2-3 weeks.
Come as You Are
Nasdaq is an equal opportunity employer. We welcome applications from candidates of all backgrounds and identities.
We are committed to fostering an inclusive workplace where diverse perspectives, experiences, and identities are valued and celebrated.
We ensure that individuals with disabilities are provided with reasonable accommodation throughout the hiring process.