Đăng nhập
Đăng ký
Mô Tả Công Việc
1. Job OverviewThe Penetration Tester is responsible for simulating cyberattacks to identify security vulnerabilities across systems, applications, networks, and devices. The role involves recommending remediation measures to strengthen security defenses and mitigate risks.2. Key ResponsibilitiesSystem & Network Security Testing• Perform vulnerability assessments on systems, including Windows, Linux, Cloud, and Kubernetes environments.• Conduct internal network penetration tests targeting VPN, firewalls, IDS/IPS, and other network components.• Assess and exploit security weaknesses in cloud infrastructure (AWS, Azure, GCP).Application Security Testing (Web, Mobile, API, Thick Client)• Test for vulnerabilities based on OWASP Top 10, API Security Top 10, and Mobile Top 10 standards.• Evaluate application security across Android, iOS, Windows, macOS, and Linux platforms.• Test RESTful APIs, GraphQL, and SOAP APIs using tools such as Burp Suite, Postman, ZAP, and mitmproxy.Advanced Penetration Testing• Perform Red Team operations and adversary simulations to emulate real-world attack scenarios.• Leverage advanced attack techniques, including privilege escalation, lateral movement, and evasion tactics.• Conduct Active Directory (AD) security assessments.• Execute social engineering campaigns, including phishing, vishing, and smishing.Analysis & Reporting• Prepare detailed technical reports outlining vulnerabilities and recommended remediation actions.• Present findings to clients, developers, and stakeholders.• Support DevSecOps initiatives by integrating security testing into the CI/CD pipeline.
Xem toàn bộ Mô Tả Công Việc
Yêu Cầu Công Việc
Knowledge & Skills• Strong understanding of Windows, Linux, and macOS operating systems.• Proficient in penetration testing for Web, Mobile, Cloud, API, Network, and IoT environments.• Hands-on experience with tools such as Metasploit, Burp Suite Pro, Cobalt Strike, Empire, BloodHound, Nmap, Wireshark, Nessus, OpenVAS, SQLmap, Mimikatz, and Responder.• Skilled in exploiting vulnerabilities such as Buffer Overflow, Remote Code Execution (RCE), SQL Injection (SQLi), Cross-Site Scripting (XSS), XML External Entity (XXE), Server-Side Request Forgery (SSRF), Insecure Direct Object References (IDOR), Local File Inclusion (LFI), and Remote File Inclusion (RFI).• Programming experience in Python, Bash, PowerShell, JavaScript, and C/C++.Education & Experience• Bachelor’s degree in Information Security, Computer Science, Software Engineering, or related fields.• Minimum 2 to 5 years of professional experience in penetration testing or Red Team operations.Preferred Qualifications• Security certifications such as OSCP, OSCE, OSEP, OSED, CRTP, CRTE, PNPT, GXPN, GPEN, CEH, CPTC, or CISSP.• Experience in SOC, SIEM, and Threat Hunting.• Contributions to the security community through Bug Bounty programs, Capture The Flag (CTF) competitions, or CVE research.
Xem toàn bộ Yêu Cầu Công Việc
Hình thức
Full-time
Mức lương
Thỏa thuận
Báo cáo tin tuyển dụng: Nếu bạn thấy rằng tin tuyển dụng này không đúng hoặc có dấu hiệu lừa đảo,
hãy phản ánh với chúng tôi.
Tham khảo: 10 Dấu hiệu nhận biết hành vi lừa đảo qua tin tuyển dụng.
Tham khảo: 10 Dấu hiệu nhận biết hành vi lừa đảo qua tin tuyển dụng.
