- Actively continue education and technical skill development. There is the potential for developing skills in other areas, such as long-term offensive operations, cloud and on-premise infrastructure red teaming, and TTP research.
- Execute penetration tests and security assessments autonomously or as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more. The projects are expected to heavily lean to the side of web application and API security.
- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps.
- Work with software development teams to help implement security requirements in their products.
- Develop tools and scripts to automate and improve current penetration testing processes.
- Strong and proven interest in Cyber Security ranging from own research to CTFs and other challenges.
- Any completed relevant courses are considered a plus, preferably Burp Academy certifications, OSWE or eWPTXv2.
- Any demonstrable own research or learning is considered a plus.
- Comfortable with application security testing techniques and common vulnerabilities (like OWASP Top 10, CWE Top 25) and security fundamentals.
- Vulnerability identification and risk calculation fundamentals.
- Familiarity with common web applications and API vulnerabilities.
- Familiarity with manual Web/API testing tools (preferably Burp Suite Pro and Postman).
- Familiarity with fuzzing and enumeration fundamentals.
- Experience with customizable automated scanners (e.g. experience with Nuclei template development) is a plus.
- Bug-bounty experience is a plus.
- Familiarity with the penetration testing report structure is a plus.
Basic IT skills across a range of technologies, including:
- Linux fundamentals.
- Computer networking.
- Windows fundamentals are a plus.
- Web development/Web application architecture.
- Mobile application security is considered a plus.
- Cloud security fundamentals are considered a plus.
- Some experience in scripting/coding language for tool development (preferably Python).
- Strong analytical and problem-solving skills.
- Must be able to work independently without supervision.
- Strong ability and drive to learn and develop cybersecurity skills.
- Technical English (Intermediate).
- Familiarity with security compliance is a plus.
- Rewarding, non-corporate environment: work with an intelligent team with strong niche experience.
- Courses and conferences which are relevant to the position are sponsored by the company including help with learning and completing the courses.
- Flexible work schedule and full WFH support.
- A wide range of technologies to work with.