استخدام کارشناس تست نفوذ و امنیت(دورکاری)
شرح موقعیت شغلی
The ideal candidate will be a self-starter, a problem solver, a great communicator, and detail oriente
What you will get to do:
· Perform Manual assessments and penetration tests on a wide range of IT products, Application, Networks and Cloud Environments to identify weaknesses and exploit them to determine impact and severity of vulnerabilities in technologies, processes, and personnel security controls.
· Conduct regular security audits from both a logical/theoretical standpoint and a technical/hands-on standpoint.
· Understand and utilize sophisticated tools to identify, analyze, and exploit previously unknown bugs and Vulnerabilities to create zero-day exploits in software. Utilize various methods of threat modeling and vulnerability assessment including vulnerability scanners, password crackers, network protocol attacks.
· Work closely with other application security engineers to perform reviews and tests to analyze and present results of testing to team members, managers, and customers.
· Write detailed problem reports, test plan documents, and mitigation recommendations and Generally the Penetration Testing Report
Qualifications:
· 2+ years’ experience of vulnerability assessment and penetration testing
- Excellent English written and oral communication skills to perform Presentations for Customers
· experience of programming in Python, PHP, Perl, Ruby, .NET, or other interpreted or compiled languages
· Experience to work with following Technologies:
- Security testing tools including Metasploit, Nmap, Nessus, Burp Suite, or equivalents
- Linux operating systems
- Microsoft technologies
- Mobile application programming and/or security testing (Android and IOS)
- Web application technologies
- Network implementation (operational and security)
- Source code analysis software
- Familiarity with security standards and Compliances (NIST, FISMA, PCI-DSS, HIPAA, etc.)
- Willingness to learn new technologies and compatibility to Dynamic working procedures
· Familiarity with and ability to calculate CVSS ratings for identified vulnerabilities based on an understanding of Different Cases of threat models.
- Familiar with vulnerability disclosure and bounty programs, including: report formatting and content, confidentiality and disclosure processes
· Ability to prioritize and organize operationally complex work, with great attention to detail
- ability to identify and reproduce reported vulnerabilities from other Sources, as well as assess contextual risk
Nice to Haves
These skills are not required, but if you have any of them, you are likely a good candidate for the position:
- Completed OSCP, OSCE, or a similar security certification
- Understanding of application design, development, and testing techniques as well as Secure Software Develop Life Cycle
- Involved in Bug Bounty program
- Participated in a Capture the Flag event
- If you have an in-deep knowledge of a specific technology, teach us about it. Our engineers have a wide breadth of security knowledge, but we love it when engineers have an extensive understanding of one technology.
مهارتهای مورد نیاز
- تست نفوذ
- امنیت
- Linux
- Android
- IOS
حداقل سابقه کار
- سه تا شش سال
جنسیت
- مهم نیست
وضعیت نظام وظیفه
- مهم نیست