Job Details
Experience Needed:
Career Level:
Education Level:
Salary:
Job Categories:
Skills And Tools:
Job Description
ROLE AND RESPONSIBILITIES
- Collaborate with team members on conducting internal and external penetration tests.
- Conduct Mobile, Website and Network Pentesting.
- Innovate and develop offensive security testing tools and scripts for the sake of automation.
- Work side by side with software engineers to ensure the security of the software developed in-house.
- Work side by side with DevOps and system engineers to ensure the security of the company’s and the company’s customers’ infrastructures.
- Mentor junior security engineers and pentesters in regards to penetration testing methodology and general security topics.
- Work with fellow security team members on the Research and Development (RnD) of security tools and exploits.
Job Requirements
QUALIFICATIONS AND EDUCATION REQUIREMENTS
- Regarding academic requirements, there are none. As long as you can read, write, code and hack things, you’re most welcome to apply.
- Typically 2-3 years of experience in pentesting and red-teaming. However, if you don’t have enough experience, but you think you can match up to the experienced guys, feel free to apply.
- You must have an atypical mind, where you always think out-of-the-box. Old traditional thinking is boring.
- You must be always following latest security news concerning data breaches, exploits and malware.
- You must be a good communicator and with above average English skills (written and spoken).
- You must be flexible when it comes to job responsibilities. Duties could sometimes require you to
- Improvise and adapt to new situations.
PREFERRED SKILLS
- Deep understanding of security testing frameworks and tools.
- Good coding skills, in both interpreted and compiled languages.
- Good in-depth knowledge of networking and Operating systems.
- Proficiency in Linux.
- Deep knowledge of OWASP TOP 10 vulnerabilities and especially the top 5. Memorizing them is not enough.
- Good knowledge of RCE vulnerabilities and how to find, exploit and remediate them.
- Familiarity with business logic bugs and how to find, exploit and remediate them.
- Ability to construct a well-written penetration testing report to be presented to stakeholders.
- Ability to understand and write shellcode for Linux and Windows. This naturally implies good knowledge of binary exploitation and x86 assembly.
- Familiarity with network attacks on different layers.
- Ability to automate the pentesting process using either automated tools or custom-made scripts.
RECOMMENDED CERTIFICATES
- OFFENSIVE SECURITY (OSCE, OSEE)
- GIAC (GXPN, GWAPT)
- PTP, WAPT
MANDATORY CERTIFICATES (IF ANY)
- OSCP