

Key Responsibilities:
● Perform comprehensive manual and automated penetration testing on web applications, mobile apps (iOS/Android), APIs (REST, GraphQL), SPAs, SaaS and PaaS platforms.
● Execute network penetration testing across enterprise networks, cloud infrastructures (AWS, Azure, GCP), and on-premises environments.
● Identify, exploit, and document a wide range of vulnerabilities, including but not limited to:
● Participate in bug bounty programs, triaging submissions, validating findings, and collaborating with external researchers.
● Conduct secure code review for both client-side and server-side applications to identify potential security issues.
● Develop Proof-of-Concept (PoC) scripts using Go, Python, JavaScript, or similar to demonstrate vulnerabilities.
● Create detailed technical reports for developers and executive summaries for leadership, including remediation guidance.
● Collaborate with development teams to reproduce, prioritize, and remediate vulnerabilities effectively.
● Stay updated on emerging threats, exploit techniques, and industry standards (e.g., OWASP Top 10, OWASP MASVS, WSTG).
● Contribute to secure SDLC processes and provide guidance on integrating security into CI/CD pipelines.
Key Requirements:
● Deep understanding of network concepts (e.g., DNS, BGP, CDN) and web concepts (e.g., HTTP, SOP).
● Deep understanding of web vulnerabilities, exploitation techniques, and mitigation strategies.
● Hands-on experience in Capture The Flag (CTF) competitions, with a proven track record of participating and solving challenges in at least 10 CTF events.
● Experience testing APIs (REST, GraphQL) and SPAs.
● Strong experience with Linux or Windows, and with Active Directory environments.
● Strong scripting skills in Python/Go, JavaScript, and Bash.
● Familiarity with bug bounty platforms.
Certifications (Highly Advantageous):
● OSCP, OSWE, OSEP, CRTP, eWPTX, eMAPT, CEH Master, or equivalent certifications.
● Documented success on bug bounty platforms (HackerOne, Bugcrowd, Intigriti, etc.).
● Fluent technical English skills for documentation, reporting, and international collaboration.
Personal Qualities:
● Strong attacker mindset and analytical thinking capabilities.
● High attention to detail in identifying complex and hidden vulnerabilities.
● Strong sense of responsibility with excellent documentation and reporting skills.
● Continuous learning mindset to stay updated on cutting-edge offensive security techniques.
● Effective communication skills to collaborate with both technical and non-technical stakeholders.
Send résumé to توسعه ارتباط کیان