We are seeking a highly skilled and motivated Penetration Tester to join our dynamic team. As the Penetration Tester, you will be responsible for conducting comprehensive security assessments of our applications and services to identify vulnerabilities, security code review, and mitigate security vulnerabilities.
Also collaborating in the DevSecOps process and securing the pipelines is another important thing for improving the organization's security.
This is an excellent opportunity for a seasoned professional with a strong background in penetration testing, application security, and bug-hunting skills to make a significant impact in a growing organization.

Key accountabilities:

• Execute penetration testing engagements to identify vulnerabilities in our systems, networks, and applications.
• Develop and maintain penetration testing methodologies, processes, and standards to ensure consistent and effective testing practices.
• Conduct adversarial attack simulation exercises and red teaming.
• Develop and maintain automated testing frameworks and tools to ensure the security of our applications and services.
• Collaborate in the DevSecOps process and secure the pipelines (SSDLC).
• Collaborate with internal security team members, and cross-functional teams, including development, operations, and IT, to address identified vulnerabilities and implement appropriate remediation measures.
• Stay updated on the latest security threats, vulnerabilities, and industry trends to continuously enhance the penetration testing program.
• Prepare comprehensive reports and presentations on the findings of penetration testing engagements, including recommended remediation actions.

·  Competencies and skills:

• Strong knowledge of penetration testing and methodologies (eg. OWASP WSTG, MSTG).
• Able to use industry trend tools such as Burp Suite, Nessus, Cobalt Strike, etc.
• Able to contribute “Red Teaming” and Advanced Intrusion Testing skills including design, development, and delivery of advanced adversarial techniques (e.g. including social engineering, AV/EDR evading).
• Able to assess operating systems, and network services for vulnerabilities.
• Proficiency in automating security tests and processes using scripting languages such as Python, Golang, or Shell.
• Able to do independent research and devise new and novel attack methods.
• Able to document and suggest recommendations to mitigate identified vulnerabilities.
• Understand computer network (including TCP/IP) fundamentals and common high level protocols.
• Understand operating systems.
• Understand HTTP and web application technologies.
• Understand protocols and communication sequences expected for a number of technologies (e.g. DNS server, network devices).
• Advanced knowledge of issues and vulnerabilities related to either Infrastructure or Application.
• Understand Red Team lifecycle.
• Understand DevOps, CI/CD.
• Knowledge of containerization technologies such as Docker and Kubernetes.
• Understand the inherent risks of working with simulated attack technology & techniques and how to work responsibly and protect the knowledge & capability effectively.