We are looking for a qualified security test analyst with recent and relevant working experience as a software security tester. You’ll be responsible for the execution of security tests on a wide variety of internal and external-facing web-based applications. You will also assist with the continuous improvement of the processes critical to the success of the team. In this role, you will be helping DevOps and development teams.
- Perform penetration tests on computer systems, networks, and applications
- Create new testing methods to identify vulnerabilities
- Perform physical security assessments of systems, servers, and other network devices to identify areas that require physical protection
- Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses
- Search for weaknesses in common software, web applications, and proprietary systems
- Research, evaluate, document, and discuss findings with IT teams and management
- Review and provide feedback for information security fixes
- Establish improvements for existing security services, including hardware, software, policies, and procedures
- Identify areas where improvement is needed in security education and awareness for users
- Be sensitive to corporate considerations when performing testing (i.e., minimize downtime and loss of employee productivity)
- Stay updated on the latest malware and security threats
Skills and Competencies:
- Deep understanding of the OWASP guidelines
- Hands-on experience with penetration testing tools
- Able to create and follow up tickets related to security issues
- Able to document and propose solutions and guidelines to developers and infrastructure engineers on best practices.
- Robust creativity and problem-solving skills
- Ability to think analytically
- Knowledge of technical systems and terminology
- Proficiency in scripting languages
- Ability to identify and exploit vulnerabilities
- Advanced written and verbal communication skills
- Candidate must possess a Bachelor’s/College Degree in Computer Science/Information Technology, Engineering or other related fields.
- At least 7 years of security vulnerability, exploitation, and penetration testing experience.
- Experience with the OWASP Testing Guide/Open Source Security Testing Methodology Manual.
- Experience deploying enterprise security testing solutions.
- Certified Ethical Hacker (CEH).
- Offensive Security Certified Professional (OSCP).
- Other relevant certifications (e.g., OSWE, OSCE, GPEN) are a plus.
- Proficiency in using penetration testing tools such as Metasploit, Burp Suite, Nessus, Wireshark, and Nmap.
- Experience with pen-testing process automation (e.g., scripting).
- In-depth knowledge of common vulnerabilities and attack vectors, as well as the ability to exploit them.
- Background with Qualys, Tenable, and OpenVAS Vulnerability Scanners.
- Strong understanding of network protocols, operating systems, and web application technologies.
- Ability to perform application and infrastructure threat modelling.
- Strong communication skills, both written and verbal, to effectively convey findings and recommendations to technical and non-technical stakeholders.