#

Penetration Testing Lead Specialist

Devire

Warszawa, mazowieckie

Devire
Devire to międzynarodowa firma specjalizująca się w usługach rekrutacji, outsourcingu i employer brandingu.
Od ponad 30 lat reprezentujemy wiodących pracodawców na rynku europejskim, prowadząc kompleksowe projekty poszukiwań menedżerów i wyspecjalizowanej kadry, wdrażając najnowsze rozwiązania z obszaru usług IT oraz wspierając w budowaniu wizerunku pracodawcy z wyboru.

Nasze biura zlokalizowane są w Warszawie, Wrocławiu, Poznaniu, Katowicach oraz Monachium, Frankfurcie, Pradze i Hradec Kralove.

Penetration Testing Lead Specialist

Lokalizacja: Warszawa

Experience: 

Essential:

  • Manual application and infrastructure level penetration testing experience
  • Successful track record of discovering vulnerabilities and security flaws
  • Knowledge of security tools, and hands-on experience with penetration testing toolkits and programming
  • Degree level in Computer Science, Computer Engineering or Information Security
  • Five or more years of professional experience in IT security research, software development, security penetration testing, vulnerability research or security technology consulting
  • Minimum of four years experience in penetration testing engagements
  • Experience in testing banking and payment systems
  • Black box testing and protocol analysis experience
  • Technical risk assessment experience
  • Experience in analysis and presentation of complex data
  • Language skills and experience of working internationally

Desirable:

  • Digital forensics experience
  • Experience in security testing with OSSTMM or ISSAF methodology
  • Manual source code security review experience
  • Experience in reverse engineering and / or binary disassembly and binary code analysis

 

Technical Knowledge:

Essential:

  • Excellent web application and end-to-end infrastructure penetration testing skills following standard methodologies
  • Familiarity and understanding of recent attack vectors and exploits
  • General expertise in IT technology and frameworks including client-server applications, databases, network public key infrastructures and cryptography
  • In depth understanding of popular Operating System types and Network / Firewall infrastructure and protocols (e.g. UNIX, Windows, Cisco)
  • Demonstrable proficiency in programming languages, preferably Java, C, C++, Shell, Perl, PHP or Python
  • Excellent knowledge of information security principles, architecture, programming security flaws and secure programming best practices
  • Strong knowledge of TCP/IP
  • Ability to modify / enhance existing tools for specific scenarios and automate bespoke attacks (e.g. delayed blind SQL injection, bruteforce attacks to proprietary protocols)
  • Specific knowledge of web assessment tools and techniques (e.g. Paros proxy, Burp Suite, Web Scarab, Nikto, Dirbuster, web shells, SQL injection, RFI, XSS, application logic and session management issues, etc.)
  • Excellent knowledge of infrastructure testing tools and techniques (e.g. Nessus, metasploit, nmap, unicornscan, traceroute, netcat, hping, amap, packet crafting / capture etc.)
  • Understanding of the pertinent legal issues prevalent to penetration testing a global organisation
  • One or more of the following professional qualifications: CISSP,CEH, LPT, OPSA, OPSE, OPST, CISA, GIAC

Desirable:

  • Knowledge of authentication mechanisms security issues, online / offline password cracking, password policies, password / ciphers weak formats, etc.
  • Familiarity and understanding of well-recognized penetration testing methodologies (e.g. OWASP Testing)
  • Working knowledge of SQL-92
  • iSeries administration skills
  • Routers and switches configuration
  • IA32 assembly language skills

 

What we offer:

  • Employment based on an employment contract
  • Flexible working hours and 2 days of remote work per week
  • Benefits package: medical care, life insurance, sports card
  • Internal and external training
  • The possibility of promotion and expanding your knowledge in the organization
  • For your great results annual bonus
Devire Devire Devire Devire

Czy chcesz otrzymywać oferty pracy na podobne stanowiska?

Utwórz powiadomienie e-mail
Zapisz mnie

Zapisani kandydaci otrzymują informacje jako pierwsi.

Podziel się ze znajomymi