We are looking for a passionate and skilled penetration tester to join our security team and help us protect our systems and data from cyber threats. As a penetration tester, you will be responsible for conducting ethical hacking activities on our network, web, mobile, and cloud applications, and identifying and reporting any vulnerabilities or weaknesses that could compromise our security. You will also provide recommendations and guidance on how to remediate the identified issues and improve our security posture.
Responsibilities:
Perform penetration testing on our network, web, mobile, and cloud applications, using both automated and manual tools and techniques.
Identify and exploit vulnerabilities and weaknesses in our systems and applications, and document the findings in clear and concise reports.
Provide remediation recommendations and guidance on how to fix the identified issues and prevent future attacks.
Communicate effectively with the security team and developers on the results and progress of the penetration testing activities.
Research and stay updated on the latest trends, tools, techniques, and best practices in penetration testing and security.
Requirements:
Knowledge of operating systems, networks, applications, programming languages, and security tools and frameworks.
Proficiency in using common penetration testing tools such as Nmap, Metasploit, Burp Suite, OpenVAS, etc.
Ability to think creatively and analytically, and solve complex problems.
Ability to discover business logic vulnerabilities.
Ability to exploit vulnerabilities in common programming languages.
Excellent written and verbal communication skills, and attention to detail.
Preferred:
Certifications such as OSCP, CEH, GPEN, etc.
Experience in performing web application security testing using OWASP methodology.
Experience in performing mobile application security testing using MSTG methodology.
Experience in performing cloud security testing using CSA methodology.
Nice to have:
Experience with SIEM services (Elastic Stack/Splunk).
Experience in DevOps/DevSecOps.
Experience in bug bounty programs/common vulnerability labs.
Experience in secure code review and white-box testing.
Experience with network security tools such as FortiGate firewalls, FortiWeb, WAF, etc.