Actively continue education and technical skill development. There is the potential for developing skills in other areas, such as long-term offensive operations, cloud and on-premise infrastructure red teaming, and TTP research.
Execute penetration tests and security assessments autonomously or as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more. Projects are expected to lean heavily toward web application and API security.
Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps.
Work with software development teams to help implement security requirements in their products.
Develop tools and scripts to automate and improve current penetration testing processes.
Strong and proven interest in cyber security, ranging from your own research to CTFs and other challenges.
Any completed relevant courses are considered a plus, preferably Burp Academy certifications, OSWE or eWPTXv2.
Any demonstrable research or learning of your own is considered a plus.
Comfortable with application security testing techniques and common vulnerabilities (like OWASP Top 10, CWE Top 25) and security fundamentals.
Vulnerability identification and risk calculation fundamentals.
Familiarity with common web application and API vulnerabilities.
Familiarity with manual Web/API testing tools (preferably Burp Suite Pro and Postman).
Familiarity with fuzzing and enumeration fundamentals.
Experience with customizable automated scanners (e.g. experience with Nuclei template development) is a plus.
Bug-bounty experience is a plus.
Familiarity with the penetration testing report structure is a plus.
Basic IT skills across a range of technologies, including:
Windows fundamentals are a plus.
Web development/Web application architecture.
Mobile application security is considered a plus.
Cloud security fundamentals are considered a plus.
Some experience with a scripting/coding language for tool development (preferably Python).
Strong analytical and problem-solving skills.
Must be able to work independently without supervision.
Strong ability and drive to learn and develop cybersecurity skills.
Technical English (Intermediate).
Familiarity with security compliance is a plus.
Rewarding, non-corporate environment: work with an intelligent team with strong niche experience.
Courses and conferences relevant to the position are sponsored by the company, including help with learning and completing the courses.