Cyber Attack Surface Management Analyst

Job Title: Attack Surface Management Analyst

Job Location: UniOps Bangalore

ABOUT UNILEVER:

Be part of the world’s most successful, purpose-led business. Work with brands that are well-loved around the world, that improve the lives of our consumers and the communities around us. We promote innovation, big and small, to make our business win and grow; and we believe in business as a force for good. Unleash your curiosity, challenge ideas and disrupt processes; use your energy to make this happen. Our brilliant business leaders and colleagues provide mentorship and inspiration, so you can be at your best. Every day, nine out of ten Indian households use our products to feel good, look good and get more out of life – giving us a unique opportunity to build a brighter future.

Every individual here can bring their purpose to life through their work. Join us and you’ll be surrounded by inspiring leaders and supportive peers. Among them, you’ll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we’ll work to help you become a better you.

ABOUT UNIOPS:

Unilever Operations (UniOps) is the global technology and operations engine of Unileveroffering business services, technology, and enterprise solutions. UniOps serves over 190 locations and through a network of specialized service lines and partners delivers insights and innovations, user experiences and end-to-end seamless delivery making Unilever Purpose Led and Future Fit.

Unilever is one of the world’s leading consumer goods companies with operations in over 190 countries and serving 3.4 billion consumers every day. Unilever delivers best in class performance with market making, unmissably superior brands which include Dove, Knorr, Domestos, Hellmann’s, Marmite and Lynx. Our strategy beings with a purpose that places our consumers at the heart of everything we do, “Brighten everyday life for all”.

Role Purpose:

This role supports the Offensive Security Lead in executing and maturing Unilever’s offensive security program through a combination of hands-on penetration testing, red teaming support, and MSSP governance. The role focuses on identifying, validating, and managing exploitable risks across applications, APIs, mobile, AI agents and factory OT systems, while ensuring high-quality and well-coordinated testing delivery.

Role Summary:

The Offensive Security Assistant Manager contributes to Unilever’s proactive cyber defence by combining technical testing capability with structured program execution. The role involves performing manual penetration testing and vulnerability validation, while also coordinating with external vendors to ensure effective coverage, quality, and timely execution of assessments.

The role provides practical attacker-driven insights into real-world risk exposure, External Attack Surface Management (EASM), Deception technologies and Decoys, vulnerability lifecycle management while supporting the end-to-end pentesting lifecycle with App managers, maintains visibility of findings, and drives remediation with relevant teams.

The position requires an attacker mindset, strong technical fundamentals, and effective stakeholder coordination skills, enabling the individual to contribute both hands-on and operationally across multiple offensive security streams.

Main Accountabilities

• Perform penetration testing across web, APIs, mobile, and cloud environments; validate vulnerabilities and assess exploitability.

• Support red teaming and adversary simulation activities to test security controls and detection capabilities.

• Drive pentest lifecycle execution – scoping, planning, access coordination, tracking, and closure.

• Coordinate with external vendors/MSSPs, ensuring quality of testing, actionable reporting, and adherence to timelines.

• Review and challenge pentest findings for accuracy, severity, and business impact.

• Support risk-based prioritization and remediation tracking in collaboration with application, cloud, and infrastructure teams; support vulnerability management

• Oversee AI, OT and other factory related offensive testing

• Responsible for managing deception tech platform and work with engineering and threat intelligence team

• Contribute to improving offensive security processes, standards, and playbooks.

Key Skills and Relevant Experience

Skills:

• Hands-on expertise in manual penetration testing (web, API, mobile).

• Strong knowledge of OWASP Top 10, API security, authentication/authorization flaws, and business logic issues.

• Familiarity with MITRE ATT&CK, red teaming techniques, and attacker methodologies.

• Working knowledge of cloud security vulnerabilities (Azure/AWS/GCP) and common misconfigurations.

• Understanding of vulnerability management and risk-based prioritization.

• Awareness of AI security risks / AI pentesting concepts, OT concepts.

• Ability to validate and quality-check vendor outputs.

• Strong stakeholder communication and execution skills.

Experience:

• 5–8 years in Offensive Security, Application Security, or Penetration Testing.

• Proven hands-on experience in web/API/mobile security testing.

• Exposure to red teaming or adversary simulations is desirable.

• Experience working with external pentest vendors/MSSPs.

• Familiarity with cloud environments and modern application architectures.

• Knowledge of frameworks such as OWASP, MITRE ATT&CK, NIST.

• Certifications (e.g., OSCP, GPEN, GWAPT, CEH) are a plus.

Note: "All official offers from Unilever are issued only via our Applicant Tracking System (ATS). Offers from individuals or unofficial sources may be fraudulent—please verify before proceeding."