Job Description:
We are seeking a skilled and experienced Penetration Tester to join our cybersecurity team. The ideal candidate will have a strong background in offensive security practices, demonstrated by relevant certifications, and possess hands-on experience across various platforms. You will play a critical role in identifying vulnerabilities and ensuring the security of our applications, APIs, and mobile platforms.
Key Responsibilities:
* Conduct comprehensive penetration testing on web applications, APIs, and mobile applications (both Android and iOS) to identify potential security vulnerabilities.
* Perform threat modeling and risk assessment to provide actionable recommendations for remediation.
* Collaborate with development and operations teams to enhance security measures across cloud environments and containerized applications.
* Develop and execute detailed penetration testing plans and strategies, ensuring thorough coverage of all attack vectors.
* Provide clear, concise, and detailed reports on findings, including risk assessments and suggested remediation strategies to stakeholders.
* Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices to continuously improve testing methodologies.
* Work independently and make informed decisions to address security issues as they arise, demonstrating strong problem-solving and analytical skills.
* Participate in security awareness training and knowledge sharing sessions with team members and other departments.
Qualifications:
* Minimum 7 years of experience in penetration testing or a related cybersecurity role.
* Offensive Security Certified Professional (OSCP) or equivalent certification is required.
* Strong experience in web application testing and vulnerability assessment tools (e.g., Burp Suite, OWASP ZAP).
* Familiarity with API security testing methodologies and tools.
* Experience in mobile application security testing for both Android and iOS platforms.
* Knowledge of cloud security and containerization technologies (e.g., AWS, Azure, Docker, Kubernetes).
* Ability to work independently without supervision, demonstrating strong decision-making skills and a proactive approach to security challenges.
* Excellent communication skills, with the ability to convey complex security concepts to technical and non-technical stakeholders.
Preferred Skills:
* Additional offensive security certifications (e.g., CEH, GPEN, OSWE) are a plus.
* Familiarity with scripting languages (e.g., Python, Bash) for automation of tasks and testing.
* Experience with security frameworks and compliance standards (e.g., OWASP, NIST, ISO 27001).