Penetration Tester

PENETRATION TESTER

Qualifications: at least 7 years of experience in Penetration Testing, OSCP and CEH certifications are required and non-negotiable

Responsibilities:

• Perform penetration tests on computer systems, networks, and applications
• Create new testing methods to identify vulnerabilities
• Perform physical security assessments of systems, servers, and other network devices to identify areas that require physical protection
• Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses
• Search for weaknesses in common software, web applications, and proprietary systems
• Research, evaluate, document, and discuss findings with IT teams and management
• Review and provide feedback for information security fixes
• Establish improvements for existing security services, including hardware, software, policies, and procedures
• Identify areas where improvement is needed in security education and awareness for users
• Be sensitive to corporate considerations when performing testing (i.e. minimize downtime and loss of employee productivity)
• Stay updated on the latest malware and security threats

Skills and Competencies:

• Deep understanding of the OWASP guidelines
• Hands-on experience with penetration testing tools
• Able to create and follow up tickets related to security issues
• Able to document and propose solutions and guidelines to developers and infrastructure engineers on best practices.
• Robust creativity and problem-solving skills
• Ability to think analytically
• Knowledge of technical systems and terminology
• Proficiency in scripting languages
• Ability to identify and exploit vulnerabilities
• Advanced written and verbal communication skills

Required Skills:

• Candidate must possess at least a Bachelor's/College Degree in Computer Science, Information Technology, Engineering or other related fields.
• At least 7 years of experience in Security Vulnerable, Exploitation, and Penetration testing. 
• Experience with OWASP testing Guide/Open Source Security Testing Methodology Manual.
• Experience deploying enterprise security testing solutions.
• Certified Ethical Hacker (CEH).
• Offensive Security Certified Professional (OSCP).
• Other relevant certifications (e.g., OSWE, OSCE, GPEN) are a plus.
• Proficiency in using penetration testing tools such as Metasploit, Burp Suite, Nessus, Wireshark, and Nmap.
• Experience with pen-testing process automation (eg. scripting).
• In-depth knowledge of common vulnerabilities and attack vectors, as well as the ability to exploit them.
• Background with Qualys, Tenable, and OpenVAS Vulnerability Scanners.
• Strong understanding of network protocols, operating systems, and web application technologies.
• Ability to perform application and infrastructure threat modelling.
• Strong communication skills, both written and verbal, to effectively convey findings and recommendations to technical and non-technical stakeholders