Pen Tester

Pen Tester - CERT Team KEY EXPECTED ACHIEVEMENTS

Key Responsibilities

1. Penetration Testing (Pentest)
- Evaluate vulnerabilities and assess their exploitability within the IT ecosystem.

2. Red Team Operations
- Actively participate in Red Team missions commissioned by the Group Security Team.
- Simulate real-world attack scenarios to assess defenses and identify improvement areas.

3. Threat Hunting
- Detect vulnerabilities across the IT landscape and ensure appropriate ticket creation and resolution.
- Continuously identify exploitable bugs and proactively address them.

4. Development
- Develop internal tools (scripts, software, APIs, web services) to enhance operational efficiency.
- Automate repetitive tasks and improve existing workflows using custom scripts or software solutions.

5. Security Expertise
- Provide security consultancy to various projects, supporting internal development teams with vulnerability remediation.
- Offer expertise on web technologies, Active Directory/Windows environments, and network systems security.

6. Collaboration and Coordination
- Collaborate with Global Security teams to deliver training, coaching, and best practices.
- Foster a culture of continuous improvement and proactive defense across teams.

Desired Profile
- Experience: 10-12 years in cybersecurity roles with a strong focus on penetration testing, threat hunting, and tool development.
- Certifications: Relevant certifications like OSCP, CEH, GIAC, or similar credentials are preferred.

Technical Skills:

- Penetration Testing Expertise:

- Hands-on experience with HackTheBox, TryHackMe, or similar platforms.
- Experience managing Bug Bounty Programs as an Ethical Hacker using relevant tools.
- Proficiency in Burp Suite and IDA Pro (for reversing).
- Strong PowerShell scripting and general scripting capabilities.
- Web Development & Security:

- Expertise in penetration tests on web technologies, Active Directory/Windows environments, and networks.
- Familiarity with intrusion tests on industrial control systems is a plus.
- Programming & Scripting:

- Proficiency in languages such as Python, Java, Shell scripting,.NET, and PowerShell.
- Development experience for building tools, automation scripts, or utilities to improve security testing workflows.
- Network & System Security:

- Deep understanding of network security principles and systems security.
- Ability to detect and mitigate vulnerabilities effectively.

Behavioral Competency
- Initiative and Autonomy: Ability to work independently with mínimal supervision.
- Curiosity and Innovation: Strong curiosity to explore vulnerabilities and exploit potential bugs.
- Collaboration: Adept at working in cross-functional, international teams and different time zones.
- Communication Skills: Strong ability to articulate technical concepts to stakeholders effectively.

Availability

The role operates on a follow-the-sun model, requiring collaboration with the global Group CERT team. Analysts must operate 3-4 days from the office and be available on a rotation basis for Weekend on call support.