Posted: 2023-03-27
Penetration Tester/Section Manager-Penetration Test
Full-time Other
Hong Kong
Job Description

Responsibilities:

• Carry out application, network, systems, devices and infrastructure penetration tests

• Perform various aspects of vulnerability assessments / penetration tests across a wide variety of platforms and technologies.

• This role will also include the execution of targeted testing activities to identify weaknesses and methods by which to exploit them.

• Help evolve the knowledge of adversarial TTPs and apply that knowledge when evaluating and testing corporate resources. Adherence to the highest standards of safety, ethics, and professional conduct is a critical requirement of this position.

• Support project initiatives to assess vulnerabilities in IT assets (via penetration tests, social engineering, testing policies and procedures, etc.).

• Gain exposure to real world cybersecurity related threats and how they can impact business.

• Apply existing IT technical expertise to address cybersecurity related issues and challenges

• Keep up-to-date with tools, countermeasures, threats and technologies.

• Share knowledge, document procedures and mentor other team members and peers.

• Develop and refine tools, templates and methodologies.

• Interpret vulnerabilities, identify weaknesses, exploit them and escalate access

• Enhance existing methodology material

• Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, IoT devices Penetration Testing, Social Engineering and Open Source Intelligence and Physical Security Testing.

• Good level of proficiency in commercial and open source security tools (e.g., Kali Linux, Nessus, Nmap, Web Inspect, Metasploit, Core Impact, Burp Suite, Acunetix, Maltego, Coverity, Faraday, Wireshark, etc.).

- Scripting (Ruby, Python, PowerScript, JavaScript) and application development.

• Several years of experience in penetration testing of

- Network infrastructure

- Web applications / web services / Databases

- Rich clients

- Mobile Apps (iOS/Android)

- IoT architecture and devices

• Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications.

• Strong knowledge of common enterprise infrastructure technology stacks and network configurations.

• Exhibit ability to understand and probe/exploit a diverse range of Network and Internet Protocols.

• Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high-level programming languages.

• Ability to facilitate meetings and conversations


Requirements:

• Bachelor’s degree in Cybersecurity, Computer Science, Computer Engineering or related field.

• Strong Information Technology and Cyber Security background.

• Minimum four years of conducting penetration testing on live corporate and production environments.

• Have a broad understanding of various information technology areas used to support and manage the business (i.e. web, networking, database, cloud, telephony, mobile, applications, etc.) and in-depth experience in at least two areas of relevant technology.

• The candidate should be analytical and creative with the ability to drive threat identification to closure.

• A strong core understanding of and experience with security tests; strong skills in both computer and networking hardware and software.

• Excellent technical expertise (in both breadth and depth), written communication skills, time management skills, and the ability to communicate effectively with numerous lines of business representatives.

• Must be willing to work flexible hours, to include weekends; they must also be able to travel, as required.

• Experience with open source and commercial penetration testing security tools in an enterprise environment.

• Proficiency with Windows, Unix/Linux, and mobile platform operating systems.

• Ability to utilize and gather Intelligence for indicators, information gathering, Operations Security, and Open Source Intelligence.

• Knowledge of exploits, threat actors, and attack methods.

• Effective analytical and critical thinking skills - proven problem solving and remediation.

• Demonstrated strong practices in security engineering, network protocols, computer security, and network security.

• Effective reporting, communication, and presentation skills.

• Teamwork and Collaboration Experience:

- Able to build and maintain relationships throughout the enterprise and to effectively engage subject matter experts as needed to ultimately draw upon the best experience base possible.

- Must be a solid team player willing to share new technology knowledge with the team.

• Organizational and Customer Focus:

- Able to engage and interview stakeholders requesting vulnerability management services to capture key information needed to effectively understand, clearly articulate and document the scope of a vulnerability assessment engagement.

- Able to manage priorities and deliverables; heavy interaction with numerous lines of business representatives will be required.

• Risk Management:

- Comprehension of OWASP Top 10 (both web and IoT), OSSTMM, PTES, NIST and ISSAF technical controls and standards, and able to understand and communicate how the standards and controls relate to risk management strategies.

- Able to identify and prioritize discovered vulnerabilities in enterprise business systems.

• Comfortable working in a fast-paced environment

• Cybersecurity preferred certifications: Offensive Security OS(C(P|E)|EE), GIAC Penetration Tester (GPEN), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), CEH.

• 3+ years of experience in penetration testing/Red Team and security code review.

• Strong coding skills including any of the following: C#, HTML, ASP.NET, Python, PowerShell

• Self-motivated, excellent time management, great interpersonal skills, capable of working independently or in a team, passionate.

• Good communication skills (written and verbal) in either German or English
