Job description
As a Penetration Tester you will perform security vulnerability assessments on client’s core IT assets. With your expertise you will assess, identify, research and exploit vulnerabilities on application environments and underlying infrastructure. You will perform penetration and vulnerability tests with a grey box approach to give the client a birds eye view of the technical security gaps that can be exploited by hackers. Your technical activities are extended with documenting your findings and creating recommendations for improved infrastructure and application security.
Having insight in latest infra and web application scanning methodologies and tools like Tenables Nessus and Websecurify make you the ideal candidate that can be involved in performing network-based and web application security assessments. You are capable in developing own testing scripts and procedures and are familiar with software reverse engineering, payload analysis and exploit development.
Requirements
- Understanding and familiarity with common penetration testing methods and standards
- Minimum of 2 years work experience performing security penetration tests
- Be able to work independently
- Be able to deliver high quality written reports suitable for viewing line and senior management
- Strong team player with excellent English communicational skills
- Experience in executing network infrastructure penetration test assignments
- Experience in executing web application penetration test assignments
- Experience in vulnerability research or reverse engineering
- Experience with OllyDbg or WinDbg, IDA Pro, and BinDiff
- Exploit development with C, Java or shellcode preferred
- Excellent knowledge of Operating Systems like Windows, Linux, Solaris, OS X
- Familiarity with web Server and Application Software: IIS, Apache, WebLogic, WebSphere, Tomcat
- In depth knowledge of HTTP proxy tools such as Burp, Charles, Fiddler
- Good understanding of Web technologies such as XML, SOAP, AJAX
- Experience with application scanning tools like Websecurify (is a pre), IBM’s AppScan, HPs WebInspect, Acunetix and Netsparker
- Experience with network vulnerability scanning tools like Tenables Nessus