Penetration Tester

Job Purpose

As a Senior Penetration Tester, your primary role is to assess and enhance the security of our information systems, networks, and applications through comprehensive penetration testing and vulnerability assessments. You will work closely with our internal product teams to identify weaknesses in their systems and provide actionable recommendations for improvement. Your expertise will help safeguard sensitive data and protect our customers from potential cyber threats. Additionally, you will be responsible for coordinating penetration tests with third-party vendors when required.

Duties and Responsibilities

o Conduct penetration tests on a wide range of digital products, including networks, web, and mobile applications, to identify vulnerabilities and security weaknesses.

o Collaborate with internal product teams to understand their set-ups, goals, and constraints.

o Effectively communicate findings and solutions to technical and non-technical stakeholders.

o Prepare detailed and clear reports documenting findings, reproduce steps, and recommended remediation steps, ensuring the internal product teams understand the security implications.

o Work with cross-functional teams, including security engineers and developers to help them to implement security measures and resolve identified vulnerabilities.

o When your schedule is constrained, coordinate, and manage penetration tests with third-party vendors, ensuring high-quality and timely delivery.

o Contribute to the development and improvement of our testing methodologies, processes, and tools.

o Stay up to date with the latest threats, vulnerabilities, and exploits and develop new testing techniques as necessary.

o Conduct security tests based on products security requirements.

o

Authorities

o Authorized to conduct penetration tests and security tests on selected digital products.

o Authorized to make recommendations for remediation actions based on test results.

o Authorized to engage with internal product teams to discuss findings and recommendations.

o Authorized to coordinate and manage penetration tests with third-party vendors if needed.

Qualifications

o Bachelor's degree in computer science/engineering, information security, or a related field.

o Proven experience in penetration testing, vulnerability assessment, and security testing with a minimum of 8 years in a similar role.

o Proven track record of conducting successful penetration tests for a variety of organizations and industries.

o Industry-recognized certifications such as Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN) certifications, or similar qualifications are highly desirable.

o Demonstrated experience in vulnerability research (e.g., CVEs) is a plus.

o Experience in designing, developing, and executing customized penetration testing methodologies.

o Familiarity with various tools and frameworks used in penetration testing, such as Metasploit, Burp Suite, Nessus, Nmap etc.

o Strong knowledge of operating systems (Windows, Linux, and mobile platforms), databases, and web technologies.

o A deep understanding of common security protocols and technologies, including firewalls, intrusion detection/prevention systems, SSL/TLS.

o Programming skills and experience with languages such as Bash, Python, and PowerShell

o The ability to provide clear, comprehensive, and actionable reports on penetration test findings, including recommendations for remediation.

o Exceptional written and verbal communication skills to effectively convey technical information to both technical and non-technical stakeholders.