For one of our clients we are looking for a Penetration Tester
The client's security team performs continuous security assessment of existent application’s landscape. The goal of such testing is to identify and fix weak points before they are exposed by an attacker.
During the execution phase of this project, which will happen from 2019-2022, it is the ambition of the team to assess over 300 important applications.
Each evaluation is followed by a remediation phase to fix existing security flaws.
Perform network penetration, web, infrastructure and mobile application testing, source code reviews, threat analysis
Recognize and safely utilize attacker tools, tactics, and procedures
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Make suggestions for security improvements
Enhance existing methodology material
Minimum of 3 years of work experience in penetration testing which includes internet, intranet, web application penetration tests, wireless, social engineering, and Red Team assessments
Strong knowledges on tools used for wireless, web application, and network security testing, such as WebInspect, Kali Linux, Metasploit, Burp suite, Nmap, Cobalt Strike, Nessus and Scuba
An implementation level knowledge with all common classes of modern exploitation such as: XSS, RCE, SQLi, etc - Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement
Programming skills as well as the ability to read and assess applications written in multiple languages, such as JAVA, PHP, .NET, C#, or others
Mastery of Unix/Linux/Windows operating systems, including bash and Powershell
Thorough understanding of network protocols, data on the wire, and covert channels
Deep understanding and experience with various Active Directory attack techniques
Knowledge of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors
Red team experience with SAP system
Ability to share your in-depth knowledge with the team to train less experienced colleagues
Fluent in English, due to the international character of the project