Offensive Security Penetration Testing Engineer (Libadiye)

Who We Are?

We are the technology leader of the aviation and air cargo industry in Turkey! We are an innovative and successful team that does not fit into the mold, constantly enlarges its target and pushes the standards in global competition...

We design and develop technology with the spirit of R&D, where human, engineering and software are the most perfect components. We use trend technologies such as big data, cloud computing, artificial intelligence, fintech, cybersecurity and blockchain which we can compete in the sky. We move forward confidently and successfully with the power of our knowledge and experience into the future.

Obviously, We don't dream too much as “what will happen in the future?”, because we are designing the future from today...

We are a strong team of more than 1800 valuable talents that shed their minds in offices equipped with modern technology in Istanbul, Ankara and Izmir. Team play is our favorite system! We focus on the same goal – winning – and continue to work together with the motivation to achieve this.

If you want to have your name in the success story of a globalizing company, we look forward to your application to the winners team!

About the role:

The Offensive Security Penetration Testing Engineer is responsible for identifying and exploiting vulnerabilities in computer systems, networks and applications to simulate attacks by malicious actors. The primary role is to conduct Web/Mobile/API applications, cloud and network penetration testing and vulnerability assessments to identify weaknesses and recommend solutions to mitigate those risks. Another part of the role is to support any infrastructure and tools required to complete assessments. Secondary duties include assisting with Red Team Exercises, social engineering, Purple Team Exercises, and physical assessments.

This position will be

• Conduct penetration tests on the internal networks and systems of the corporation and report the results of such tests
• Create and execute Red Team scenarios and report their results
• Organize and conduct penetration tests such as; Active Directory, Cloud Environments, IoT Systems, SCADA Systems, SAP penetration testing, Web/Mobile/API Applications and network infrastructure.
• Responsible for planning and managing outsource penetration testing activities
• Help teams through the remediation or mitigation process of the disclosed vulnerabilities
• Report the vulnerabilities detected after the security tests, notify them to the relevant teams, and follow up them
• Provide guidance and mentorship to junior members of the security team

How do we describe the perfect match?

• Graduation from Computer, Electrical and Electronic, Electronic, Communication Engineering, or similar 4-year engineering departments, or Computer Technologies and Information Systems department of universities preferred
• Good command of English
• Prone to teamwork and Analytical thinking, problem solving, planning, follow-up and communication skills
• 3+ years of experience in three or more of the following areas:
• Network penetration testing and manipulation of network infrastructure
• Web/Mobil/API application penetration testing assessments
• Email, phone, or physical social-engineering assessments
• Developing, extending, or modifying exploits, shell code or exploit tools
• Red/Purple teaming exercises
• Cloud, IoT and SCADA Environments security audits and penetration testing
• Holding at least one of the industry certificates like OSCP, OSEP, OSCE, OSWE, CS-Ranger, CRTO, CRTE or SANS certificates preferred
• Experience with penetration testing techniques such as Breach&Attack Simulation techniques, AV evasion, secure tunneling, pivoting methods, lateral movement, post exploitation, infil/exfil of data, phishing, fuzzing, etc.
• Conduct research into real-world threat actor tactics, techniques and procedures to develop playbooks
• Ability to plan, execute, and perform Red Team activities for initial access (e.g., malware, phishing, and command-and-control) routinely as a team member and coordination with the cyber defense center and incident response teams to validate Blue team monitoring & detection processes
• Work closely with the Blue team to test the efficacy of existing alerts, help create new detection, improve incident and threat detection capabilities.
• Work with the team to provide remediation recommendations across the organization to aid with mitigation of identified Cyber Risks
• Provide guidance and recommendations to other teams to improve the security of products.

Benefits Of Working With Us

In addition to having the opportunity to grow and be challenged, and to be part of a life, our people enjoy a range of rewarding benefits:

• Flexible working arrangements, generous personal, parental and cultural leave
• Competitive remuneration
• Free and subsidized health and wellbeing services
• Discounts on a wide range of products and services
• Career development opportunities
• A buddy who will guide and accompany you during your onboarding process
• A great number of online courses and technical trainings that will support your development
• Personalized development plan for you
• Using CED & Pass Flight for travelling experience with your family
• Support payment for childcare

Be Yourself

We value the unique backgrounds, experiences and contributions that each person brings to our team and encourage and celebrate diversity.

If you would like to get to know more about Turkish Airlines Technology, please follow us on Instagram and LinkedIn;

https://www.instagram.com/turkishairlinstechnology/

https://www.linkedin.com/company/thyteknoloji/