- Actively continue education and technical skill development. There is the potential to develop skills in areas such as long-term offensive operations, cloud and on-premises infrastructure red teaming, and TTP research.
- Execute penetration tests and security assessments autonomously or as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, cloud architectures, IoT devices, and more. The projects are expected to heavily lean to the side of red teaming, infrastructure penetration testing, with occasional application security.
- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps.
- Work with software/infrastructure development and security operations teams to help implement security requirements in their products.
- Develop tools and scripts to automate and improve current penetration testing processes.
- Strong and proven interest in Cyber Security ranging from own research to CTFs and other challenges.
- Any completed relevant courses are considered a plus, preferably OSCP, CRTO/OSEP.
- Any demonstrable own research or learning is considered a plus.
- Comfortable with application security testing techniques and common vulnerabilities (like OWASP Top 10, CWE Top 25) and security fundamentals.
- Vulnerability identification and risk calculation fundamentals.
- Familiarity with common web applications and API vulnerabilities.
- Familiarity with manual Web/API testing tools (preferably Burp Suite Pro and Postman).
- Familiarity with infrastructure penetration testing fundamentals.
- Familiarity with IAM deployment penetration testing (mostly Active Directory).
- Familiarity with C2 framework usage is a plus.
- Proven interest in malware and evasion development is a plus.
- Experience with customizable automated scanners (e.g. experience with Nuclei template development) is a plus.
- Bug-bounty experience is a plus.
- Familiarity with the penetration testing report structure is a plus.
- Basic IT skills across a range of technologies, including:
- Linux/Windows infrastructure fundamentals.
- Computer networking.
- Web development/Web application architecture.
- Mobile application security is considered a plus.
- Cloud security fundamentals are considered a plus.
- Some experience in scripting/coding language for tool development (preferably Python).
- Strong analytical and problem-solving skills.
- Must be able to work independently without supervision.
- Strong ability and drive to learn and develop cybersecurity skills.
- Technical English (Intermediate).
- Familiarity with security compliance is a plus.
- One-to-one mentoring with a senior red team operator.
- Rewarding, non-corporate environment: work with a competent team with strong niche experience.
- Courses and conferences relevant to the position are sponsored by the company, including help in learning and completing the courses.
- Flexible work schedule and full WFH support.
- A wide range of technologies to work with.
We value people and help them develop. Read more