Senior Penetration Tester

Responsibilities

• Conduct web application, mobile application, network, wireless, and operational technology penetration tests.
• Conduct security assessments of cloud environments and application source code review.
• Conduct penetration tests in accordance with standard methodologies (i.e., OWASP, NIST).
• Maintain and fine-tune, methodologies and infrastructure to support penetration testing engagements in a variety of cloud environments and novel platforms.
• Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics.
• Use common penetration testing and red-team tools, tactics, techniques, and procedures.
• Utilize custom penetration testing tools, frameworks, and infrastructure.
• Assess risk of discovered vulnerabilities based on likelihood and severity of exploitation.
• Work with security and engineering teams to communicate findings, recommendations, and knowledge to key stakeholders.
• Evolve our capabilities and toolset.
• Penetration Testing in these domains.
• Web Applications, Network (Internal/External), Mobile Applications, Cloud Environments, Phishing.

Minimum requirements

• 5+ years experience pen testing services deployed in public cloud infrastructure.
• Solid understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
• Knowledge of web and security protocols: HTTP, REST, CSP, CORS, OAuth.
• Deep familiarity with current offensive security practices, bug bounty programs, CTFs, fuzzing, and other pen test tools and techniques.
• Offensive Security Certified Professional.

Preferred qualifications:

• 7+ years experience working in an information security discipline/ability to find and exploit bugs in.
• JavaScript, TypeScript.
• Kubernetes, AWS, GCP, Firebase.
• Memory management, namespaces, cgroups, etc.
• Prior experience working in a high growth, cloud native technology company.
• Fluency in one or more programming or scripting languages: JavaScript, Python, Go.
• Contributions to the security community, such as open source tools, research papers, conference talks, etc.

We offer excellent benefits, including but not limited to

• Learning and development opportunities and interesting, challenging tasks.
• Official employment in accordance with the laws of Cyprus and the EU, registration of family members.
• Relocation package (tickets, staying in a hotel for 2 weeks).
• Company fitness corner in the office for employees.
• Opportunity to develop language skills and partial compensation for the cost of language classes.
• Birthday celebration present.
• Time for proper rest and 24 working days of annual vacation.
• Breakfasts and lunches in the office (partially paid by the company).

Join BrainRocket and rock with us!