The selected candidate will be executing penetration testing assessments across a variety of various commercial organizations. This individual should be a motivated self-starter and have a strong foundation and understanding in Information Technology and security vulnerabilities as well as be familiar with threat modeling and attack scenarios.
The desired candidate must be able to provide actionable recommendations and guidance for clients based on the assessment findings. This candidate should have excellent communication skills, both written and oral, be willing to learn and execute on any client requests, and have the ability to interact with customer staff in structured and unstructured situations.
- 3+ years of experience with penetration testing against a wide variety of applications including web, mobile, and thick client above and beyond running automated tools
- At least 2 years’ experience with one or more of the following technologies: C, C++, PHP, Python, cryptography, reverse engineering, wireless networks, exploit development.
- Experience with penetration testing against internal and external facing corporate infrastructures
- Experience working with application developers to validate, assess, understand root cause and mitigate vulnerabilities
- Strong competence into documenting technical issues identified during security assessments and recommending technical improvements
- Good understanding of security practices, security risk management processes, principles, architectural requirements,
- Strong communication skills, both written and spoken.
- Penetration Testing related certifications such as: CEH, OSWP, OSCP, GPEN, are preferred
- Attested contribution in uncovering security bugs in an ethical manner will be regarded as an advantage
- Application and infrastructure testing methodologies (OWASP and PTES)
- Hands-on experience for both Windows and Unix related operating Systems
- Application and infrastructure vulnerabilities
- Exploit research and mitigation
- Assessment tools, such as scanners, administrative utilities, local proxies, debuggers, fuzzers, etc.
- Reverse-engineering of software will be considered a strong plus
- Expertise with embedded devices and IoT’s will be considered an advantage
- Threat modeling methodologies
- Security source code review or development experience in C/C++, C#, VB.NET, ASP, or Java
- IDS and AV evasion techniques
- Good knowledge of networking devices and protocols
- Experience writing scripts in PowerShell, Ruby, Python, BASH, etc.
The candidate will be required to demonstrate a clear criminal record / police clearance certificate.