Penetration Tester

YOUR RESPONSIBILITIES:

• Perform highly technical/analytical security assessments of custom mobile applications, widely understood infrastructure and networks, web services and APIs. This covers manual penetration testing, source code and configuration review.
• Clearly and professionally document root cause and risk analysis of all findings
• Adhere to the security testing process and raise any gaps or opportunities for improvement with manager.
• Work closely with the DevOps teams to ensure that the security testing requirements are met and help automate repetitive tasks.
• Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks
• Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required.
• Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports.
• Advise on vulnerability remediation, control implementation and secure development practices
• Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications
• Assist with tracking, remediation, and risk acceptance for identified security vulnerabilities.
• Assist in planning, test execution and vulnerability mitigation
• Ensure that company security policies are implemented, enforced, and enhanced when appropriate
• Participate in team discussions to formulate new or enhance existing processes and standards
• Run evaluations of new security testing technologies and provide recommendations.

SKILLS & EXPERIENCE WE REQUIRE:

• A prior demonstrable hands-on experience in penetration testing.
• OSCP certificate
• Solid understanding of the platform security models for iOS and Android platforms.
• Excellent understanding of platform-specific security risks, common vulnerabilities for mobile applications, common risks in financial applications.
• Practical knowledge of penetration testing of widely understood infrastructure, web and mobile technologies, using manual and automated testing methods.
• Excellent TCP/IP knowledge and understanding of security implications/issues.
• Strong web application testing experience.
• Proven programming/scripting skills.
• Ability to explain security functionality from first principles.
• Ability to adapt and apply information to new scenarios and technologies.
• Strong understanding of applied use of cryptography in application development.

WE OFFER:

• A full-time contract (B2B also possible)
• Stable and long-term cooperation
• Well-defined career path at the European leader in engineering & IT consulting
• Participation in company conferences, trainings, workshops, integration meetings, etc.
• Certification and training opportunities