Penetration Tester

Saudi
  • Experience in the range of 2-3 years
  • Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network.
  • Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
  • Work closely with application, network and infrastructure teams when performing tests against new or existing systems
  • Use manual techniques to exploit identified vulnerabilities like cross-site scripting, SQL injections, session hijacking and buffer overflows to obtain controlled access to target systems
  • Validate vulnerability assessment results where appropriate, prioritize the remediation requirements and work with network, infrastructure and desktop teams to address security problems
  • Perform exploit analysis for identified vulnerabilities manually, with custom scripts, or using tools such as Metasploit
  • Work closely with the application development teams, technology teams and the other members of the Information Security team to identify and remediate security issues as part of Incident Response
  • Be a part of the SDLC process for testing of new application systems/infrastructure
  • Participate in multiple organizational areas such as security architecture and design, service delivery, training and client communication.
  • Configure and educate on the use of vulnerability assessment scanners (e.g., Qualys, Nessus, Nmap, Metasploit, Snort, Nexpose, etc.)
  • Create, maintain and report metrics that measure effectiveness of various security controls.
  • Document areas of significant exposure to information systems and recommend solutions.
  • Develop and maintain a formal reporting process highlighting results, conclusions, and recommendations which can be viewed by peers and senior management
  • The ability to articulate risks and findings to management
  • Experience in preparing a security threat model and associated test plans.
  • Experience in translating complex security threats into simpler procedures so that web application developers, systems administrators, and management can understand security testing results.
  • Knowledge of current information security threats. Good understanding of coding best practices and standards.
  • In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred.
  • Excellent communication skills, both written and verbal.
  • Critical thinking and good problem-solving abilities.
  • Organizational, planning and time management skills are preferred.
  • Certification in CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable.


Post date: 19 Rabi al-thani 1446 - Today
Publisher: Bayt