Penetration Tester Senior ( Web Application Penetration Tester )
Job Description
5+ years of experience
Notice - 15 days
What You Will Be Doing
- Executes security controls to prevent hackers from infiltrating company information or jeopardizing programs.
- Researches attempted efforts to compromise security protocols and recommends solutions.
- Maintains security systems and administers security policies to control access to systems.
- Maintains company firewall and utilizes applicable encryption methods.
- Creates information security documentation related to work area and completes requests in accordance with company requirements.
- Responds to information security-related questions and inquiries using established information security tools and procedures.
- Resolves and/or performs follow through to resolve all information security issues and questions.
- Implements and administers information security controls using software and vendor security systems.
- Identifies opportunities and executes plans to improve workflow and understands and quantifies business impacts of those improvements for communication to management.
- Interfaces with user community to understand security needs and implements procedures to accommodate them. Ensures that user community understands and adheres to necessary procedures to maintain security.
- Provides status reports on security matters to develop security risk analysis scenarios and response procedures.
- Other related duties assigned as needed.
What You Bring (Required Skills and Experience)
- Experience with industry-standard ethical hacking tools for scanning, exploitation, packet capture, and brute-force attempts (Kali Linux, Metasploit Framework, Nmap / Zenmap, Wireshark, John the Ripper, Burp, Nessus/Tenable, OWASP ZAP)
- Scripting ability (Python, Bash, Ruby, etc.) for automation and assessment purposes.
- Experience in bug bounty programs, with accepted findings of at least P3/P4 severity.
- In-depth experience in API security, including manual fuzzing and identifying different ways sensitive information can be exposed.
- Experience in Static and Dynamic analysis of Mobile apps in critical sector like Healthcare and Banking.
- Experience in mixed-mode architectures employing heterogeneous (IT/OT) devices and systems, such as DoD/IC equipment systems, industrial control systems, or equivalent.
- Experience with functional and integration testing, understanding the interplay between functional requirements and security requirements.
- Proven industry experience in red team operations.
- Ability to create and implement tactics, techniques and procedures (development of scripts, tools, and methods) that can be used in red team engagements (including C2 framework management) is required. Deep knowledge of assessing both Windows and Linux environments, including strong knowledge of Active Directory.
- Deep knowledge of various Operating Systems and network principles.
- Strong understanding of PTES and the MITRE ATT&CK framework.
- Knowledge of how modern solutions are designed and deployed across different platforms.
- Ability to program or script in your preferred language.
- Experience with both zero-knowledge hacking practices (TryHackMe, Hack the Box, etc.) and knowledge-based hacking practices (Nessus/Tenable, etc.)
- Knowledge of network architecture and hardware (switches, hardware and software firewalls, etc.)
- Knowledge of multiple operating systems and their relative security practices
- Familiarity with common cryptographic methods and protocols.
- Familiarity with Agile methods and practices for issue tracking (Jira).
- Familiarity with basic cloud architecture and platforms (AWS, GCP, etc.)
- Bachelor's or Associate's degree in computer science, information technology, cybersecurity, or a related field.
- Comfort in fast-paced, rapid-growth environments.
- Experience in public companies is a plus.
- A passion for sustainability is critical to our purpose, mission, and vision!
EDUCATION REQUIREMENTS
Bachelor's degree in computer science or the equivalent combination of education, training, or work experience.
Along with a relevant degree, one or more of the following professional qualifications would be an added advantage:
Offensive Security Certified Professional (OSCP)
CEH, ECSA
Company certification schemes from major vendors and equipment providers such as Microsoft (MCP, MCSE) or Cisco (CCNA Security)