این فرصت شغلی بسته شده است
لوگوی شرکت کارخانه نوآوری

استخدام Penetration Testing Engineer

۱۹ خرداد ۱۴۰۰

کارخانه نوآوری - تهران
حقوق بیش از ۱۲ میلیون تومان امکان دورکاری

تکنولوژی‌ها

فرصت شغلی

نوع همکاری: پاره‌وقت
سطح: ارشد (Senior)
زمینه کاری شرکت: فناوری اطلاعات، نرم‌افزار و سخت‌افزار
اندازه شرکت: ۱۱-۵۰ نفر

کارخانه نوآوری iFNO Security Accelerator توسعه دهنده سرویس‌های امنیت ابری، سرویس‌های کشف تقلب، شبکه ارزیابی امنیتی و زیرساخت‌های حقوقی و وکلای سایبری از افراد مستعد و متخصصین امنیت و هکر‌های کلاه سفید در سراسر کشور دعوت به همکاری می‌نماید.

  • Performs threat modeling to identify all possible attack vectors
  • Conduct vulnerability assessment and penetration Testing against a wide array of technologies and platforms including )(Network, Infrastructure, WEB Applications, Mobile apps including iOS and Android and API
  • Select the appropriate technical tests, network or vulnerability scan tools and/or pen Testing tools based on review of requirements and purpose
  • Conduct relevant research, data analysis, and create reports
  • Contribute to predictive analysis of malicious activity
  • Understand, review, and interpret vulnerability assessment and scannin results, reduce false positive findings, and act as Security advisor to business unit partners
  • Track public and privately released vulnerabilities and assists in the triage process
  • Perform black box and gray box Testing, source code analysis, manual pen Testing, and vulnerability assessments
  • Perform hands on technical validation of vulnerability to determine risk to different configurations and priorities for remediation
  • Communicate current cybersecurity threats and educate stakeholders on risks and recommendations
  • Simulate cyberattacks to identify vulnerabilities
  • Participate in team problem solving efforts and offer ideas to solve the issues
  • Performs static source code vulnerability analysis
  • Work with external pen testers to continually improve Security on the platform
  • Responsible for writing and reviewing formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test

General qualifications

  • 3+ years of operational experience in Information Technology & InformationSecurity.
  • Good written and verbal communication skills in English
  • University Degree in Computer Science, Computer Engineering or other relevant field.
  • Certifications such as CEH, Security+, ISO 27K, SANS would be considered as an asset.
  • Good interpersonal communication and presentation skills.
  • Ability to be a team player.
  • Ability to work effectively in multiple cultures and at a range of levels.
  • Ability to constantly build up skillset using a mix of self-motivated and course based learning environment.
  • Ability to work independently, proactively to see the big picture and work through solutions as needed.
  • Good knowledge of Windows, Linux, data bases (MySQL, no-SQL), antimalware,IDS and other Security technologies.
  • Basic understanding of virtualization and software-defined data center concepts.
  • Knowledge of OSI reference model and Networking fundamentals (switching,routing, load-balancing, firewalling).
  • Understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS.
  • Basic understanding of cryptographic functionality within such protocols would be of advantage.
  • Familiar with Security Regulations and Standards.

Technical qualifications

  • Experience with API Testing and Mobile Application Testing
  • Hands-on experience with two or more scripting languages such as Python,Powershell, Bash, or Ruby
  • Familiarity with penetration Testing tools and tool suites such as Burp Suite, OWASP ZAP, Kali Linux, etc
  • Proficiency or experience in any one of the following tools would be anadded advantage including Zed Attack Proxy, Micro Focus, Kiuwan, QARK,Android Debug Bridge, CodifiedSecurity, Drozer, WhiteHat Security
  • Ability to demonstrate clear understanding of following vulnerabilities including SQL Injections, Cross Site Scripting (XSS), Broken Authentication & Session Management, Insecure Direct Object References, Security Misconfiguration, Cross-Site Request Forgery (CSRF), Participate in code audit/review
  • An aptitude for technical writing, including assessment reports and presentations
  • Strong understanding of penetration Testing frameworks
  • Advanced knowledge of mobile application Testing techniques, software protocols and the ability to bypass common mobile application Security controls
  • Understanding of offensive Security, including offensive evasion techniques
  • General knowledge of web applications, databases, mobile, and cloud applications
  • Strong knowledge of Open Web Application Security Project (OWASP) (WEB and Mobile)
  • Ability to think outside the box and emulate adversarial approaches

مزایا

اتاق بازی
سهام پیشرفت
فرصت سروکار داشتن با مفاهیم بنیادین امنیت سایبری و تکنولوژی عمیق
فرصت سروکار داشتن با چالش‌های هکینگ
سفر‌های دوره‌ای تیمی
بیمه
همکاری طولانی و هدفمند و تمام‌وقت

درباره‌ی شرکت

اکوسیستم جامعه هکران کلاه سفید طیف گسترده‌ای از سرویس‌های ارزیابی امنیتی در سطوح فناوری HighTech را توسط شکارچیان حفره‌ها و متخصصین امنیت برای سازمان‌های خصوصی و دولتی فراهم میکند .

WE COULD NOT LEAVE THE HACK SO WE USED IT AS A WAY TO ACCELERATETHE HACKER'S TALENT TO EARN MONEYBASED ON THE VALUE OF THEIR EFFORTS TO SECURE THE GLOBAL COMMUNICATION NETWORKS.

مشاهده‌ی پروفایل شرکت

درخواست همکاری
به دنبال کار هستی؟

پروفایل حرفه‌ای خودت رو کامل کن کن و با یک کلیک برای فرصت‌های شغلی ایده‌آل خودت درخواست بده.

بریم به پروفایل!

آگهی‌های مشابه

Devops Engineer
هرمس کپیتال - تهران
تمام‌وقت امکان دورکاری
Apache Kafka RabbitMQ NoSQL Circleci Distributed System
DevOps Engineer
تمام‌وقت
DevOps Git Docker Nginx Kubernetes
DevOps Engineer
بله - تهران
تمام‌وقت
Linux Nginx Kubernetes Docker Container
DevOps Engineer
بومینو - تهران
تمام‌وقت حقوق تا ۱۲ میلیون تومان
Docker Kubernetes PostgreSQL Bash Nginx
DevOps Engineer
تمام‌وقت
Kubernetes OpenShift Zabbix Pod ESXi

سایر آگهی‌های این شرکت

Senior UIUX designer
تمام‌وقت امکان دورکاری
Sketchup UI/UX Usability Adobe XD Figma
برنامه‌نویس هوش مصنوعی ( AI )
تمام‌وقت
Machine Learning Deep Learning
برنامه‌نویس Node.js
تمام‌وقت
Node.js JavaScript MySQL Git NoSQL
Front-end Developer (VueJs)
تمام‌وقت
Vue.js HTML CSS CSS3 Vuex
توسعه‌دهنده Flutter
پاره‌وقت امکان دورکاری
Flutter Flutter Layout Flutter Web Flutter Animation Flutter Test