Penetration Tester - Security Tech Tribe

Opis stanowiska

• Examine the source code to find flaws and vulnerabilities

• Carry out manual penetration testing, highly technical and analytical security evaluations, source code and configuration reviews

• Perform network pentests

• Assist in the organized coordination of security testing projects, including the preparation of test plans, test cases, test results, and vulnerability mitigation techniques

• Assist in tracking down security flaws, fixing them, and their risk acceptance

• When necessary, code simple proof-of-concept attacks for vulnerabilities

• Evaluate business requirements and design specifications to determine probable misuse scenarios and determine product release risk and complexity

• Conduct assessments of new security testing technologies and offer suggestions

• Follow news sources related to the security sector and stay current with advancements, research, and events

• Take part in team discussions to create new or improve current standards and practices

• Analyze potential malware samples

• Conduct reverse engineering

• Delve into the world of red teaming

• Mentor junior team members

Wymagania

• 5+ years of prior demonstrable hands-on experience in penetration testing.

• Solid and demonstrable knowledge of scripting and programming

• The capacity for critical thinking and ability to formulate and communicate the issues and effects that have been identified

• Penetration testing know-how of web applications using the Black-Box, Grey-Box, and White-Box techniques

• Applying testing methodologies as necessary to technologies and risks; understanding the business context and significance of technical penetration testing findings

• Possessing the flexibility and entrepreneurial spirit

• Self-discipline and time management skills

• Proven aptitude at resolving difficult technical issues

• A thorough understanding of Linux and Windows platform security models

• Knowledge of the containers world and of the cloud

• Working understanding of both manual and automated testing techniques for performing penetration tests on widely understood infrastructure

• The capacity to comfortably converse on cyber security topics in a natural manner with both technical and non-technical audience

• Excellent awareness of security implications and challenges related to TCP/IP

• Comprehensive knowledge of network protocols including the wireless ones

• Strong understanding of Kali operating system and in particular tools such as: Burp, Metasploit, Meterpreter, Hashcat, IDA

Nice to have:

• OSCP, OSEP, CPTS, BSCP, CISSP certifications

• Cloud Services know-how (AWS, GCP, AZURE)