Job Openings Senior Penetration Tester

About the job Senior Penetration Tester

Main Job Responsibilities:

  • Test planning
    • Work with clients to determine their requirements from the test, for example the number and type of systems they would like testing.
  • Testing methods
    • Plan and create penetration methods, scripts and tests.
  • Penetration Testing
    • Carry out remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in security.
    • Simulate security breaches to test a system's relative security.
    • Perform penetration testing against Mobile Applications, Web Applications, APIs Network and Active directory  
  • Penetration Testing results reporting
    • Create reports and recommendations from your findings, including the security issues uncovered and level of risk.
    • Advise on methods to fix or lower security risks to systems.
    • Present your findings, risks and conclusions to management and other relevant parties.
    • Consider the impact your 'attack' will have on the business and its users.
    • Understand how the flaws that you identify could affect a business, or business function, if they're not fixed.
  • Manage penetration testers staff
    • Achieve department goals and strategy.
    • Review the penetration testers reported.
    • Improve the penetration testing process based on analytical reports review.
  • Perform a manual review of the code, along with the use of automated testing tools, such as Burp Suite, is essential.
  • Research vulnerabilities to validate, determine or confirm exploitability and impact.
  • Test for weaknesses in common software, web applications and proprietary systems.
  • Perform vulnerability assessments/remediation consulting.
  • Research, evaluate, document, and discuss findings with IT teams and management.
  • Establish improvements for existing security services, including hardware, software, policies, and procedures.

Skills & Experiences:

Qualifications:

  • A relevant degree, in-depth knowledge of computer operating systems
  • Having a similar training or certification is a plus.
    • Current holder of penetration testing certifications (GPEN, CISSP ,OSCP, OSWP, OSCE, GXPN, CPENT, eCPTX, eCPPT, eWAPTX, eMAPT).
  • Excellent spoken and written communication to explain your methods to a
    technical and non-technical audience.
  • Attention to detail, to be able to plan and execute tests while considering client
    requirements.
  • The ability to think creatively and strategically to penetrate security systems.
  • Good time management and organizational skills to meet client deadlines.
  • Ethical integrity to be trusted with a high level of confidential information.
  • The ability to think laterally and 'outside the box'.
  • Teamwork skills, to support colleagues and share techniques.
  • Exceptional analytical and problem-solving skills and the persistence to apply
    different techniques to get the job done.
  • Experience:
    • 3+ yrs  in penetration testing.
  • Experience in testing web-based APIs (i.e., REST, SOAP, CRUD).
  • Ability to perform a secure code review and a solid understanding of web app programming languages and frameworks (PHP, Java, JavaScript, Node.JS ).
  • Stay updated on the latest malware and security threats.
  • Analyze security findings and perform risk analysis.
  • Knowledge of common security framework (NIST, **ISO 27000, OWASP**)

Advanced understanding of:

  • Network security devices (firewalls, proxies, NIDS/NIPS, etc.).
  • Platform and application-layer penetration testing techniques.
  • Adversary techniques, tactics, and protocols and related countermeasures.
  • Network security monitoring systems and protocols.
  • Security standards and best practices.
  • Networking and network security.
  • Relevant programming and scripting languages (Ruby, Python, Go, Bash, PowerShell, JavaScript, etc.).
  • Cyber and IT security risks, threats and prevention measures.

Or refer someone