Penetration Tester

Your day at NTT DATA The Penetration Tester is a seasoned subject matter expert, responsible for assessing and evaluating the security posture of the company's information systems, networks, applications and infrastructure. This role involves conducting rigorous penetration testing and ethical hacking activities to identify vulnerabilities and potential weaknesses for exploitation. The Penetration Tester collaborates with cross functional teams and provides strategic security recommendations and assists in strengthening the company's overall cybersecurity defenses. Key responsibilities:Plans, executes and manages complex penetration testing engagements on various IT assets, including networks, applications and databases.Conducts simulated cyber-attacks, including social engineering, to identify vulnerabilities and assesses the organization's resilience to cyber threats.Performs penetration tests against internal and external facing systems.Analyses and interprets penetration test results and provides detailed reports to relevant stakeholders.Provides input to improve the quality and effectiveness of tests in a highly scaled and global environment.Articulates complex technical risks through creation of reports and delivering presentations to key stakeholders.Works with Security DevOps teams to test the orchestration and automation processes and platforms, feed results into a testing program.Supports the assessment risk and the development and/or recommends appropriate mitigation countermeasures based on empirical testing.Provides comprehensive technical expertise with web, application and database vulnerability testing.Supports the development of the security automation framework and the implementation roadmap.Provides actionable security recommendations and mitigation strategies to address identified vulnerabilities.Ensures that penetration testing activities align with relevant industry standards, compliance regulations, and best practices.Contributes to any security awareness training and education programs to promote a culture of cybersecurity within the organization.Stays up to date with the latest cybersecurity threats, attack vectors, and defensive technologies to continuously improve testing methodologies. To thrive in this role, you need to have:Ability to work independently and manage multiple projects within remote environment.Demonstrates a strong ability to engage with various stakeholders, have a team-based approach and work towards share goals and outcomes.Ability to think outside the box and a passion to improve your skills and drive innovation.Ability to compromise systems and demonstrate ways to laterally move post compromise.In-depth knowledge of common security assessment methodologies, such as OWASP, PTES, or NIST SP 800-115.Strong understanding of various operating systems, network protocols, and application security.Proficiency in using penetration testing tools and frameworks, such as Metasploit, Burp Suite, Nmap, and Wireshark.Knowledge of security assessment tools and technologies used to evaluate web applications, databases, and network infrastructure.Excellent analytical and problem-solving skills to identify and exploit vulnerabilities effectively.Strong written and verbal communication skills to deliver clear and concise reports and recommendations to stakeholders.Ethical and professional conduct with a commitment to confidentiality and data privacy. Academic qualifications and certifications:Bachelor's degree or equivalent in Information Technology or Computer Science or related field.Security related certifications such as OSWE, OSEP, OSCP, OSCE, CRTP, GPEN, or CREST is desirable. Required experience:Seasoned demonstrated penetration testing experience and ethical hacking gained within a similar global environment.Seasoned demonstrated experience with both commercial and open-source security tools and scripting languages.Seasoned demonstrated exposure to security testing scenarios e.g. Capture the Flag / Red Team / Blue Team is desirable.Seasoned demonstrated experience with various testing platforms e.g. Hack the Box / Vulnhub / PentesterLab is desirable.