Your Key Role: As an Offensive Security Professional, you'll be at the forefront of safeguarding people, information, and assets by delivering innovative security services.
Responsibilities:
* Continuously evaluating and challenging security controls to enhance the security landscape and create a safer digital environment.
* Diving into infrastructure and application penetration testing to ensure systems meet stringent security requirements and uncover any potential vulnerabilities.
* Immersing yourself in scenario-based technical assessments, mirroring the tactics, techniques, and procedures of real-world threat actors, all aimed at achieving security objectives.
* Driving the entire technical assessment lifecycle, from planning to execution, while contributing your expertise to shape and refine security policies, standards, and procedures.
About You: We're looking for a dynamic technology risk professional who thrives in fast-paced, agile environments. The ideal candidate will bring a strong blend of technical expertise, risk knowledge, and a collaborative mindset.
Requirements:
1. Experience collaborating in SecDevOps environments or interfacing with development teams to gather security testing requirements, autonomously managing penetration tests, and providing effort estimations.
2. Expertise in infrastructure and web application security testing methodologies and frameworks like OWASP, PTES, OSSTMM, and ISSAF.
3. Familiarity with standards such as OWASP ASVS (Application Security Verification Standard), the OWASP Testing Guide, and CVSS (Common Vulnerability Scoring System).
4. Technical proficiency in web technologies such as HTML, JavaScript, Java/J2EE, ASP/.NET, PHP, REST APIs, AngularJS, Node.js, Bootstrap, etc.
5. Proven track record in conducting vulnerability assessment and penetration testing of various platforms including Web Applications, APIs, Mobile, and Network Infrastructure, both on-premises and within cloud environments (e.g., AWS/Azure).
6. Ability to develop and execute custom attack scenarios to simulate advanced threat actors.
7. Proficiency in working with the Kali Linux environment, as well as Android/iOS environments, including installing/troubleshooting security tools and resolving OS-related issues.
8. Capability to set up insecure applications (e.g., OWASP Broken Web Applications) in testing environments to evaluate security tools for application scanning, identifying false positives, and managing remediation processes.
9. Working experience with Nessus, Burp Suite Pro, ZAP Proxy, Maltego, Wireshark, sqlmap and other widely used security tools.
10. Penetration testing security certifications such as OSCP / OSCE / CRT / CCT.