Security Testing Engineer

JD:

As a Security Engineer, you will perform authorized penetration tests on computer systems in order to expose weaknesses in their security that could be exploited by criminals. You can choose to specialize in manipulating a particular type of system, such as:

Network and infrastructures

Windows, Linux and Mac operating systems

Web/Mobile applications

APIs and Web Services, etc.

Skills:
Security Testing, Penetration Testing, Vulnerability assessment, Python, OWASP, SAST/DAST, Source Code review, CVSS, SCA, Tools - BURP Suite, NMAP NIKPO, DIRBUSTERMETASPOLIT, Nessus, SSLSCAN
Good to have - Java, JS, SANS, Cloud Security, IAST, Bugbounty, Docket Security

Responsibilities

Work with clients to determine their requirements from the test, for example the number and type of systems they would like testing

Plan and create penetration methods, scripts and tests

Carry out remote testing of a clients network or on-site testing of their infrastructure to expose weakness in security

Simulate security breaches to test a system’s relative security

Create reports and recommendations from your findings, including the security issues uncovered and level of risk.

As well as identifying problems, you may also provide advice on how to minimize risks and provide advice on methods to fix or lower security risks to systems

Present your findings, risk and conclusions to management and other relevant parties

Consider the impact your ‘attack’ will have on the business and its users

Understand how the flaws that you identify could affect a business, or business function, if they’re not fixed