Penetration Tester

Senior Application Penetration Tester

12-Month Contract (Potential for Extension)

Hybrid – Dublin, Ireland

Key Responsibilities:

• Conduct penetration testing of web applications, both before initial deployment and as they are updated, to identify vulnerabilities and potential access points for malicious actors.
• Identify applications vulnerable to exploitation, including risks that could lead to the infection of user systems with malware or other malicious code that could facilitate data exfiltration.
• Assess and identify vulnerabilities in code and systems, providing insights for improved code reviews, forensic analysis, threat analysis, and incident response.
• Evaluate systems and networks for resilience against sophisticated adversaries, simulating advanced attacks using the latest techniques and tools.
• Devise, analyse, and conduct methodical and comprehensive testing of system configurations, pathways, and interactions between systems to mimic the strategies employed by sophisticated attackers.
• Provide detailed reports on vulnerabilities, risk assessments, and remediation strategies for development teams.

Required Skills and Experience:

• Proven experience in application penetration testing, including the identification and exploitation of vulnerabilities in web applications and systems.
• Strong expertise in identifying web application vulnerabilities that can lead to the infection of systems or data exfiltration.
• Solid understanding of ethical hacking, and using penetration testing tools and techniques (e.g., Burp Suite, Kali Linux, Metasploit).
• Experience with code reviews, threat analysis, and working with incident response teams to remediate vulnerabilities.
• Ability to conduct sophisticated technical testing that simulates the techniques of highly skilled adversaries.
• Experience in providing comprehensive technical assessments for security flaws and vulnerabilities within systems and networks.
• Familiarity with modern attack techniques, including exploitation methods and methodologies to simulate real-world cyber-attacks.

Preferred Qualifications:

• Relevant certifications such as OSCP, CISSP, CEH, GIAC GPEN.
• Strong knowledge of secure coding practices and familiarity with common vulnerabilities (e.g., OWASP Top 10).
• Ability to communicate complex findings in clear, actionable language to both technical and non-technical stakeholders.

PFH Technology, owned by Ricoh – a Japanese based global ICT company, is a premier provider of end-to-end ICT solutions and a managed services portfolio scaling from SMEs to large Enterprise organisations. We have unrivalled vendor relationships. We can procure, design, deploy and support all your ICT needs. Our ISO certified Custodian™ Cloud Services and Custodian™ Managed Services provide the technology and expertise to mitigate risk and reduce your costs immediately. We have a nationwide network of over 750 dedicated professionals, ready to meet your ICT needs, with offices in Dublin, Cork and Galway.