Penetration Tester

Job Overview

Are you an experienced Penetration Testing Expert looking for a new challenge and an opportunity to advance your career? If you are highly motivated, detail oriented, and customer focused problem solver, we have the perfect job for you!

We are looking for Penetration Testers to join our dynamic Security Testing dream team and take lead in performing security testing of applications, networks and infrastructures, including vulnerability assessments, penetration testing and manual testing techniques. As a penetration tester, you will perform authorised tests on computer systems in order to expose weaknesses in their security that could be exploited by criminals as well as identifying problems, and providing advice on how to minimise risks.

Job Responsibilities

As a penetration tester, you’ll understand complex computer systems and technical cyber security terms. You’ll need to:

  • Work with clients to determine their requirements from the test, for example the number and type of systems they would like testing
  • Plan and create penetration methods, scripts and tests. Automate penetration and other security testing on networks, systems and applications
  • Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices
  • Carry out remote testing of a client’s network or onsite testing of their infrastructure to expose weaknesses in security
  • Simulate security breaches to test a system’s relative security
  • Create reports and recommendations from your findings, including the security issues uncovered and level of risk 
  • Advise on methods to fix or lower security risks to systems
  • Present your findings, risks and conclusions to management and other relevant parties
  • Consider the impact your ‘attack’ will have on the business and its users
  • Understand how the flaws that you identify could affect a business, or business function, if they’re not fixed.
  • Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
  • Support Engineering team with secure design, secure coding, security testing, fuzzing, SAST and DAST tool usage.
  • Support Product Security Incident Response (PSIRT) function to quickly mitigate product security incidents
  • Building POCs and tooling for engineering and QA/QE for security testing.
Preferred Qualifications
  • Bachelor’s of Science degree in an Engineering discipline; Master’s preferred or equivalent work experience
  • Previous working experience as a Penetration Testing Expert for 5+ years
  • In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
  • Hands on experience with testing frameworks such as the PTES and OWASP
  • Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud
  • Certifications in security demonstrating deep practical knowledge such as  CEH, OSCP, GPEN, CREST Registered Penetration Tester (CRT).
  • DevSecOps experience in highly diversified and high growth organizations
  • Critical thinker and problem solver
  • Excellent organizational and time management skills
  • Effective communication (internal, customer, legal counsel), collaboration (internal, external) and effective written skills (white papers, vulnerability specifications etc.)
  • Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders
  • Technical leadership experience in the Software Security field.
  • Excellent cyber security capabilities and strong software engineering skills
  • Active participation in cybersecurity forums/conventions, e.g. DEFCON, Black Hat. Public speaking is a plus