Penetration Tester

Job Overview:

We are seeking an experienced Penetration Tester to identify and address security vulnerabilities in our systems, applications, and infrastructure. The ideal candidate will possess advanced expertise in ethical hacking techniques, vulnerability assessment tools, and incident response to strengthen our organization's security posture.

Key Responsibilities:

Penetration Testing:

○ Conduct penetration tests on networks, applications, cloud environments, and systems to identify vulnerabilities.

○ Simulate cyberattacks to evaluate the effectiveness of existing security measures.

○ Develop detailed exploit techniques to validate identified vulnerabilities.

Vulnerability Assessment:

○ Perform regular vulnerability assessments using industry-standard tools (e.g., Nessus, Qualys, Burp Suite, Metasploit).

○ Collaborate with IT teams to prioritize and remediate vulnerabilities.

Threat Modeling:

○ Analyze system architecture to identify potential attack vectors.

○ Develop threat models and risk assessments for critical systems.

Reporting and Documentation:

○ Prepare detailed reports on findings, including technical vulnerabilities and recommendations for mitigation.

○ Present findings to both technical and non-technical stakeholders.

Collaboration:

○ Work with development, IT, and security teams to implement secure coding practices and enhance security measures.

○ Provide guidance on best practices for security configurations and system hardening.

Research and Development:

○ Stay updated on emerging threats, vulnerabilities, and attack techniques.

○ Research and implement new penetration testing tools and methodologies.

Compliance:

○ Ensure compliance with security standards (e.g., ISO 27001, PCI DSS, GDPR, HIPAA).

○ Assist in internal and external security audits.

Qualifications and Skills:

• Educational Background:

○ Bachelor's degree in Computer Science, Information Security, or a related field (Masters degree preferred).

• Certifications:

○ Must have: CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or equivalent.

○ Preferred: CISSP, CISM, GIAC GPEN, or similar.

• Technical Expertise:

○ Proficient in penetration testing tools such as Metasploit, Kali Linux, Burp Suite, Wireshark, and similar.

○ Strong knowledge of programming/scripting languages like Python, Java, PowerShell, or Bash.

○ Familiarity with cloud platforms (AWS, Azure, Google Cloud) and their security features.

○ Deep understanding of networking protocols, firewalls, intrusion detection/prevention systems, and encryption methods.

• Soft Skills:

○ Excellent analytical and problem-solving skills.

○ Strong verbal and written communication skills for reporting and stakeholder presentations.

○ Ability to work under pressure and manage multiple priorities effectively.

Benefits:

•  Competitive salary and benefits package.
•  Opportunity to work with a talented and passionate team.
•  Professional development and growth opportunities.