Responsibilities:
- Actively continue education and technical skill development, improving security capabilities.
- Execute penetration tests and security assessments autonomously or as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more.
- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps.
- Work with software development teams to help implement security requirements in their products.
- Develop tools and scripts to automate and improve current penetration testing processes.
Required skills:
- Strong and proven interest in Cyber Security.
- Any completed relevant courses considered a plus.
- Any demonstrable own research or learning is considered a plus.
- Comfortable with basic application security testing techniques and common vulnerabilities (like OWASP Top 10, CWE Top 25) and security fundamentals.
- Vulnerability identification and risk calculation fundamentals.
- Familiarity with common web application and API vulnerabilities.
- Familiarity with manual Web/API testing tools (preferably Burp Suite Pro and Postman).
- Familiarity with fuzzing and enumeration fundamentals.
- Experience with automated scanners a plus.
- Bug-bounty experience a plus.
- Familiarity with penetration testing report structure a plus.
Basic IT skills across a range of technologies, including:
- Linux fundamentals.
- Computer networking.
- Windows fundamentals.
- Windows infrastructure fundamentals (e.g. AD).
- Ability to read and understand at least some of the programming languages used in malware/tool development (C/C++, C#, Golang, Python, Ruby, etc).
- Some experience in a scripting/coding language for tool development (preferably Python).
- Strong analytical and problem-solving skills.
- Must be able to work independently without supervision.
- Strong ability and drive to learn and develop cybersecurity skills.
- Technical English (Intermediate).
- Familiarity with security compliance is a plus.
We offer:
- Rewarding, non-corporate environment: work with an intelligent team with strong niche experience.
- Courses and conferences which are relevant to the position are sponsored by the company. Including help with learning and completing the courses.
- Flexible work schedule and full WFH support.
- A wide range of technologies to work with.