This is an exciting opportunity to join our IT department as a Penetration Tester and play a key role in safeguarding our organization digital assets. You'll leverage your offensive security expertise to proactively identify vulnerabilities in our systems, networks, and applications. As a trusted advisor, you'll collaborate across departments to translate your findings into actionable recommendations, fostering a security-conscious culture throughout the organization.
In this role within the SDLC (Software Development Life Cycle), you'll actively participate in security assessments from the planning stages, ensuring potential weaknesses are addressed before deployment. By continuously honing your skills and staying abreast of the
latest hacking techniques, you'll be instrumental in maintaining our organization cutting- edge security posture.
Main Job Responsibilities:
Plan and conduct black-box, white-box, and gray-box penetration testing
engagements on our systems, networks, and applications, identifying vulnerabilities using tools like Burp Suite and Metasploit.
Exploit identified vulnerabilities to assess potential impact, including privilege escalation, lateral movement simulations, and proof-of-concept development.
Collaborate with developers to remediate vulnerabilities through clear reporting, code reviews, secure coding practices, and retesting.
Document findings, develop security reports, and present them to relevant stakeholders.
Stay updated on the latest hacking techniques, threats, vulnerabilities, and remediation strategies.
Provide recommendations and knowledge transfer to internal staff to boost our overall security competence.
Continuously improve the organization security posture by creating, developing,
maintaining, and automating new attack tactics and tools. Monitor and research emerging threats to integrate them into the testing methodology.
Promote security awareness and best practices throughout the organization.
Design and execute penetration testing engagements aligned with SOC 2 compliance requirements.
Gather and document evidence to support the effectiveness of security controls for our annual SOC 2 audit.
Collaborate with third-party auditors during the SOC 2 audit process to address findings and demonstrate security posture.
Requirements Needed Competencies:
Excellent communication skills to convey technical findings to both technical and non-technical audiences.
Ability to manage multiple projects, prioritize tasks, and meet deadlines under pressure.
Actively listen to and understand the concerns and priorities of stakeholders from different areas of the organization.
Foster a collaborative environment where security is viewed as a shared responsibility.
Effectively mentor and train security best practices to internal teams (developers, operations, etc.).
Knowledge, skills and abilities:
Familiarity with security tools like OpenVas, Burp Suite, OWASP ZAP, and Metasploit.