استخدام Penetration Testing Engineer

کارخانه نوآوری iFNO Security Accelerator توسعه دهنده سرویس‌های امنیت ابری، سرویس‌های کشف تقلب، شبکه ارزیابی امنیتی و زیرساخت‌های حقوقی و وکلای سایبری از افراد مستعد و متخصصین امنیت و هکر‌های کلاه سفید در سراسر کشور دعوت به همکاری می‌نماید.

• Performs threat modeling to identify all possible attack vectors
• Conduct vulnerability assessment and penetration Testing against a wide array of technologies and platforms including )(Network, Infrastructure, WEB Applications, Mobile apps including iOS and Android and API
• Select the appropriate technical tests, network or vulnerability scan tools and/or pen Testing tools based on review of requirements and purpose
• Conduct relevant research, data analysis, and create reports
• Contribute to predictive analysis of malicious activity
• Understand, review, and interpret vulnerability assessment and scannin results, reduce false positive findings, and act as Security advisor to business unit partners
• Track public and privately released vulnerabilities and assists in the triage process
• Perform black box and gray box Testing, source code analysis, manual pen Testing, and vulnerability assessments
• Perform hands on technical validation of vulnerability to determine risk to different configurations and priorities for remediation
• Communicate current cybersecurity threats and educate stakeholders on risks and recommendations
• Simulate cyberattacks to identify vulnerabilities
• Participate in team problem solving efforts and offer ideas to solve the issues
• Performs static source code vulnerability analysis
• Work with external pen testers to continually improve Security on the platform
• Responsible for writing and reviewing formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test

General qualifications

• 3+ years of operational experience in Information Technology & InformationSecurity.
• Good written and verbal communication skills in English
• University Degree in Computer Science, Computer Engineering or other relevant field.
• Certifications such as CEH, Security+, ISO 27K, SANS would be considered as an asset.
• Good interpersonal communication and presentation skills.
• Ability to be a team player.
• Ability to work effectively in multiple cultures and at a range of levels.
• Ability to constantly build up skillset using a mix of self-motivated and course based learning environment.
• Ability to work independently, proactively to see the big picture and work through solutions as needed.
• Good knowledge of Windows, Linux, data bases (MySQL, no-SQL), antimalware,IDS and other Security technologies.
• Basic understanding of virtualization and software-defined data center concepts.
• Knowledge of OSI reference model and Networking fundamentals (switching,routing, load-balancing, firewalling).
• Understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS.
• Basic understanding of cryptographic functionality within such protocols would be of advantage.
• Familiar with Security Regulations and Standards.

Technical qualifications

• Experience with API Testing and Mobile Application Testing
• Hands-on experience with two or more scripting languages such as Python,Powershell, Bash, or Ruby
• Familiarity with penetration Testing tools and tool suites such as Burp Suite, OWASP ZAP, Kali Linux, etc
• Proficiency or experience in any one of the following tools would be anadded advantage including Zed Attack Proxy, Micro Focus, Kiuwan, QARK,Android Debug Bridge, CodifiedSecurity, Drozer, WhiteHat Security
• Ability to demonstrate clear understanding of following vulnerabilities including SQL Injections, Cross Site Scripting (XSS), Broken Authentication & Session Management, Insecure Direct Object References, Security Misconfiguration, Cross-Site Request Forgery (CSRF), Participate in code audit/review
• An aptitude for technical writing, including assessment reports and presentations
• Strong understanding of penetration Testing frameworks
• Advanced knowledge of mobile application Testing techniques, software protocols and the ability to bypass common mobile application Security controls
• Understanding of offensive Security, including offensive evasion techniques
• General knowledge of web applications, databases, mobile, and cloud applications
• Strong knowledge of Open Web Application Security Project (OWASP) (WEB and Mobile)
• Ability to think outside the box and emulate adversarial approaches