Penetration Tester

Role & responsibilities

Job Title - Pen Tester - CERT Team

Mission: The Pen tester will be part of the Computer Emergency Response Team (CERT), the cyber defense unit of the Michelin Group. The team operates with three primary missions:

Prevent and anticipate threats while preparing for cyber crises.

Detects vulnerabilities, threats, and cyberattacks.

Respond to security incidents, analyze impacts on the Groups IT ecosystem, and manage crises.

This role collaborates with the Group CERT team and operates in a Follow-the-Sun model, ensuring seamless global coverage.

Availability: The role operates on a follow-the-sun model, requiring collaboration with the global Group CERT team. Analysts must operate 3-4 days from the office and be available on a rotation basis for Weekend on call support.

Desired Profile:

Experience: Total 3-10 years & 6+ Yrs Relevant in cybersecurity roles with a strong focus on penetration testing, threat hunting, and tool development.

Certifications: Relevant certifications like OSCP, CEH, GIAC, or similar credentials are preferred.

Hands-On Exposure: Experience with web applications and AD/Windows environment penetration tests and network intrusion detection.

Technical Skills:

Penetration Testing Expertise:

Hands-on experience with HackTheBox, TryHackMe, or similar platforms.

Experience managing Bug Bounty Programs as an Ethical Hacker using relevant tools.

Proficiency in Burp Suite and IDA Pro (for reversing).

Strong PowerShell scripting and general scripting capabilities.

Web Development & Security:

Understanding of web application development and deployment to simulate attacker perspectives.

Expertise in penetration tests on web technologies, Active Directory/Windows environments, and networks.

Familiarity with intrusion tests on industrial control systems is a plus.

Programming & Scripting:

Proficiency in languages such as Python, Java, Shell scripting, .NET, and PowerShell.

Development experience for building tools, automation scripts, or utilities to improve security testing workflows.

Network & System Security:

Deep understanding of network security principles and systems security.

The ability to detect and mitigate vulnerabilities effectively.

Behavioral Competency:

• Initiative and Autonomy: Ability to work independently with minimal supervision.
• Curiosity and Innovation: Strong curiosity to explore vulnerabilities and exploit potential bugs.
• Collaboration: Adept at working in cross-functional, international teams and different time zones.
• Communication Skills: Strong ability to articulate technical concepts to stakeholders effectively.

KEY EXPECTED ACHIEVEMENTS:

Key Responsibilities:

Penetration Testing (Pentest):

Conduct "security tests" on applications and systems in compliance with ethical standards and recognized methods.

Evaluate vulnerabilities and assess their exploitability within the IT ecosystem.

Red Team Operations:

Actively participate in Red Team missions commissioned by the Group Security Team.

Simulate real-world attack scenarios to assess defenses and identify improvement areas.

Threat Hunting:

Detect vulnerabilities across the IT landscape and ensure appropriate ticket creation and resolution.

Continuously identify exploitable bugs and proactively address them.

Development:

Develop internal tools (scripts, software, APIs, web services) to enhance operational efficiency.

Automate repetitive tasks and improve existing workflows using custom scripts or software solutions.

Security Expertise:

Provide security consultancy to various projects, supporting internal development teams with vulnerability remediation.

Offer expertise in web technologies, Active Directory/Windows environments, and network systems security.

Collaboration and Coordination:

Collaborate with Global Security teams to deliver training, coaching, and best practices.

Foster a culture of continuous improvement and proactive defense across teams.

Preferred candidate profile