Job vacancy Penetration Tester

JOB BY
EthioJobs
Snap Plaza 8th floor, Bole Next to The Millennium hall, Addis Ababa
  +251 11 667 3324, +251 92 491 0847

WORK AT
Ashewa Technology Solution ...
Job Type
Employee
Job Status
Full Time
Announced
19 March, 2023
Job Title

Penetration Tester

Job Location
Job Presentation

·         BSc/MSc in computer science, computing and information systems, cyber security, forensic computing, network management, Computer systems engineering or related field or equivalent experience

·         3 years of experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques and procedures

·         Minimum of one (GPEN, CEH, and/or GWAPT) certification required

·         Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.)

·         Ability to identify and exploit mobile vulnerabilities (API issues, insecure storage, memory corruption, deep links, etc.)

·         Network penetration testing experience, Protocol analysis, CTF experience, Secure coding practices

·         Cryptography, Reading and writing assembly (x86 and ARM), Physical security or red team experience

·         Binary analysis tools and debuggers (IDA Pro, Ghidra, WinDbg), Embedded systems experience

·         Web application penetration testing, Mobile application penetration testing

·         Source code vulnerability analysis, Serious problem-solving skills

·         an in-depth understanding of computer systems and their operation

·         excellent spoken and written communication to explain your methods to a technical and non-technical audience

·         attention to detail, to be able to plan and execute tests while considering client requirements

·         the ability to think creatively and strategically to penetrate security systems

·         good time management and organizational skills to meet client deadlines

·         ethical integrity to be trusted with a high level of confidential information

·         the ability to think laterally and 'outside the box'

·         teamwork skills, to support colleagues and share techniques

·         exceptional analytical and problem-solving skills & the persistence to apply different techniques to get the job done

·         business skills to understand the implications of any weaknesses you find

·         Commitment to continuously updating your technical knowledge base.

·         Experience in offensive security, with the ability to think like an adversary

·         Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, applications, and networks

·         Strong experience in operating system and application security hardening and best practices

·         Strong investigative mindset with an attention to detail

·         Experience with multiple operating systems to include Windows, Mac OS, Unix/Linux, and mobile platforms

·         Experience conducting assessments for solutions consisting of a variety of technology stacks, architectural implementations, and hosting providers

·         Exposure and understanding of enterprise solutions from a functional and security perspective

·         Bachelor’s degree (or equivalent) in a technical field

·         Must have or be willing to get Offensive Security Certified Professional (OSCP) certification within 6 months

·         Network penetration testing and manipulation of network infrastructure

·         Web Application Penetration Testing

·         Email, phone, or physical social-engineering assessments

·         Shell scripting or automation of simple tasks using Perl, Python, or Ruby

·         Developing, extending, or modifying exploits, shell code or exploit tools

·         Developing applications in C#, ASP, .NET, Objective C, Go, or Java (J2EE)

·         Reverse engineering malware, data obfuscators, or ciphers

·         Source code review for control flow and security flaws

·         Strong knowledge of tools used for wireless, web application, and network security testing

·         Thorough understanding of network protocols, data on the wire, and covert channels

·         Solid understanding of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell

 


·         Conduct highly complex offensive security operations testing consistent with known adversary tactics, techniques, and procedures, and contribute to the development of objectives and approaches taken to remediate risk

·         Document security issues and impacts identified through offensive operations in a clear and concise manner to facilitate reporting to impacted stakeholders

·         Provide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps and remediation validation testing

·         Consult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasures

·         Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff

·         Other duties as assigned

·         Assist in scoping and executing prospective engagements

·         Understand and safely use various open source penetration testing tools and, when appropriate, emulate hacker tactics, techniques, and procedures

·         Develop comprehensive and accurate reports and presentations for various consumers of penetration testing results

·         Estimated workload is 1-3 assessments per month, each a 1-2-week assessment including report writing

·         While in between assessments, you will be expected to improve any existing processes, develop tools, and potentially find new clients and prospective hires

·         Develop scripts, tools, or methodologies to enhance MSI’s penetration testing processes

·         understand complex computer systems and technical cyber security terms

·         work with clients to determine their requirements from the test, for example, the number and type of systems they would like tested

·         plan and create penetration methods, scripts and tests

·         carry out remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in security

·         simulate security breaches to test a system's relative security

·         create reports and recommendations from your findings, including the security issues uncovered and level of risk

·         advise on methods to fix or lower security risks to systems

·         present your findings, risks and conclusions to management and other relevant parties

·         consider the impact your 'attack' will have on the business and its users

·         Understand how the flaws that you identify could affect a business, or business function, if they're not fixed.

·         Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices

·         Develop and maintain security testing plans

·         Automate penetration and other security testing on networks, systems and applications

·         Develop meaningful metrics to reflect the true posture of the environment, allowing the organization to make educated decisions based on risk

·         Produce actionable, threat-based reports on security testing results

·         Act as a source of direction, training, and guidance for less experienced staff

·         Mentor and coach other IT security staff to provide guidance and expertise in their growth

·         Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation

·         Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators

·         Deliver the annual penetration testing schedule and conduct awareness campaigns to ensure proper budgeting by business lines for annual tests

·         Foster and maintain relationships with key stakeholders and business partners

 

Reference number
461878
Valid Till
24 Mar, 2023

How to Apply?

Please apply for this job on the ethiojobs.net website.