Responsibilities:
- Conduct comprehensive penetration tests on systems, applications, and networks to identify vulnerabilities and weaknesses.
- Utilize a variety of tools and techniques to simulate real-world cyber attacks and attempt to exploit vulnerabilities.
- Analyze test results and provide detailed reports outlining identified vulnerabilities, potential risks, and recommended remediation actions.
- Collaborate with development and IT teams to provide guidance and support for vulnerability mitigation.
- Stay current with emerging security threats, attack vectors, and mitigation strategies.
- Participate in red team exercises and other cybersecurity assessments as needed.
- Provide expertise and guidance on secure coding practices to development teams.
- Collaborate with cross-functional teams to ensure that security best practices are integrated into the software development lifecycle.
- Assist in the development of security policies, procedures, and guidelines.
- Act as a subject matter expert on penetration testing and ethical hacking.

Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
- Proven experience as a Penetration Tester or Ethical Hacker.
- Strong knowledge of penetration testing methodologies, tools, and frameworks.
- Proficiency in common scripting languages (Python, Bash, PowerShell, etc.).
- Familiarity with network protocols, operating systems, and web application architectures.
- Experience with vulnerability assessment tools (Nessus, OpenVAS, etc.).
- Knowledge of secure coding practices and common security vulnerabilities.
- Strong problem-solving skills and attention to detail.
- Excellent written and verbal communication skills for creating comprehensive reports and explaining technical concepts to non-technical stakeholders.
- Relevant industry certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Penetration Testing Consultant (CPTC), or others are a plus.
- Familiarity with compliance standards (PCI DSS, HIPAA, GDPR) is a plus.
- Experience with cloud security assessments (AWS, Azure, GCP) is a plus.
- Knowledge of mobile application security testing is a plus.