
Hiring: Penetration Testing Engineer

Snapp
Tehran, Tehran

Job description

  • Conduct formal penetration tests, both automated and manual, using approved standard methodologies to identify and exploit vulnerabilities in networks, systems and applications owned by Legal Technology
  • Assess security controls for large enterprise systems and applications, and hosting infrastructure
  • Evaluate configurations and implementations of firewalls, proxy servers, routers, Virtual Private Networks (VPNs), IDS / IPS, wireless networks, etc. against legal requirements, the organization’s local policy, and industry best practices
  • Conduct security system engineering based on industry best practices and common frameworks
  • Document technical and logical security findings identified during the security assessments, and report them in a timely manner
  • Provide consultative support with implementation of remediation steps, standards, and best practices
  • Advise on methods to fix or lower security risks to systems
  • Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices
  • Develop and maintain security testing plans
  • Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
  • Produce actionable, threat-based reports on security testing results
  • Act as a source of direction, training, and guidance for less experienced staff
  • Mentor and coach other IT security staff to provide guidance and expertise in their growth
  • Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
  • Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators
  • Deliver the periodic penetration testing schedule and conduct awareness campaigns to ensure proper budgeting by business lines for annual tests
  • Foster and maintain relationships with key stakeholders and business partners

Requirements

  • Experience with API testing and Mobile Application testing
  • Hands-on experience with two or more scripting languages such as Python, PowerShell, Bash, or Ruby.
  • Familiarity with penetration testing tools and tool suites such as Burp Suite, OWASP ZAP, Kali Linux, etc.
  • Proficiency or experience in any one of the following tools would be an added advantage: Zed Attack Proxy, Micro Focus, Kiuwan, QARK, Android Debug Bridge, CodifiedSecurity, Drozer, WhiteHat Security.
  • Ability to demonstrate a clear understanding of the following vulnerabilities: SQL Injection, Cross-Site Scripting (XSS), Broken Authentication & Session Management, Insecure Direct Object References, Security Misconfiguration, Cross-Site Request Forgery (CSRF). Participate in code audit/review.
  • An aptitude for technical writing, including assessment reports and presentations.
  • Strong understanding of penetration testing frameworks.
  • Advanced knowledge of mobile application testing techniques, software, protocols and the ability to bypass common mobile application security controls.
  • Understanding of offensive security, including offensive evasion techniques.
  • General knowledge of web applications, databases, mobile, and cloud applications.
  • Strong knowledge of Open Web Application Security Project (OWASP) (WEB and Mobile).
  • Ability to think outside the box and emulate adversarial approaches.

Preferred Qualifications:

  • Minimum 3 years of operational experience in Information Technology & Information Security
  • Good written and verbal communication skills in English
  • University Degree in Computer Science, Computer Engineering or other relevant field.
  • Certifications such as CEH, Security+, ISO 27K, SANS would be considered as an asset.
  • Good interpersonal communication and presentation skills.
  • Ability to be a team player.
  • Ability to work effectively in multiple cultures and at a range of levels.
  • Ability to constantly build up a skill set using a mix of self-motivated and course-based learning.
  • Ability to work independently and proactively, to see the big picture, and to work through solutions as needed.
  • Good knowledge of Windows, Linux, databases (MySQL, NoSQL), anti-malware, IDS and other security technologies.
  • Basic understanding of virtualization and software-defined data center concepts.
  • Knowledge of OSI reference model and networking fundamentals (switching, routing, load-balancing, firewalling).
  • Understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS.
  • Basic understanding of cryptographic functionality within such protocols would be of advantage.
  • Familiarity with security regulations and standards.

Required skills

  • Python
  • Bash
  • Ruby
  • NoSQL
  • MySQL

Minimum work experience

  • Three to six years

Gender

  • Not important

Military service status

  • Permanent exemption, completion of service

Employment type:

Full-time

Job category:

IT / DevOps / Server

Posting date:

1398/06/06 (expired)