استخدام کارشناس تست نفوذ
شرح موقعیت شغلی
Responsibilities:
· Act as an active responsible person for the process of penetration testing and exercises (even with the support of testing contractor)
· Act as an active responsible person for the process of penetration testing and exercises (even with the support of testing contractor)
· Lead and maintain networking, infrastructure and web/mobile application penetration testing to take the vulnerabilities out of the theoretical realm to truly demonstrate the risk
· Engage with multiple stakeholders of business and technical throughout the vulnerability lifecycle for communicating issues and provide remediation guidance
· Prepare and document penetration testing procedures and schedule test plans
· Perform security reviews of application designs, source code, and deployments as required, covering all types of applications (web application, web services, mobile applications, cloud SaaS)
· Perform IT security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities
· Lead the execution of pen-testing team exercises prioritized on risk level for the Company
· Communicate and report application vulnerability and security assessments to the upper management
Work independently with developers, product owners, and other colleagues to ensure secure design, development, and implementation of our applications
Requirements:
· BSc or higher degree in IT, Computer, Electronics, Telecommunications or other related fields
Requirements:
· BSc or higher degree in IT, Computer, Electronics, Telecommunications or other related fields
· Good understanding of fix and mobile network architecture (GSM, UMTS, LTE, IP, Internet)
· Detailed knowledge of common vulnerabilities (OWASP Top 20), exploits, and attacks used during a penetration test
· Expert knowledge, skills, and abilities in the use of common vulnerability assessment and penetration testing tools such as Metasploit, Nessus, Nmap, Burp Suite, PowerSploit, Empire, Qualys and Impacket, etc.
· Basic familiarity with Incident response framework, EDRs, SIEM and Security devices
· OSCP, OSCE, CREST, GPEN, GWAPT, GXPN, CEH and other industry certifications are a plus.
· Expertise on penetration testing tools and simulation environment
· Strong application/product/software security background
· Knowledge of web application design & implementation concepts
· Basic experience with web development and scripting languages is desired (e.g., JavaScript, Python, Ruby, PHP, Perl, or Java)
مهارتهای مورد نیاز
- تست نفوذ
- OWASP
- GSM
حداقل سابقه کار
- سه تا شش سال
جنسیت
- مهم نیست
وضعیت نظام وظیفه
- مهم نیست