Penetration Tester

Roles and responsibilities

Lead offensive security initiatives, such as red teaming, threat hunting, and penetration testing for IT and OT systems.
Oversee and manage incident response, malware analysis, and vulnerability management processes.
Provide strategic and technical guidance, offering hands-on support to engineers and collaborating with external partners.
Drive the development and management of SOC Red Team functions to ensure robust cybersecurity operations.
Offer expertise in protocol analysis (e.g., Wireshark), client-server and multi-tier web applications, and relational databases.

Experience and Skills
Strong background in incident response, malware management, vulnerability assessment, and data analytics.
Experience with large-scale ICS and ICT environments, preferably within the energy sector.
Deep knowledge of networking fundamentals (TCP/IP, Ethernet) and familiarity with the current threat landscape, including APTs and cybercrime trends.
Practical experience with cloud platforms (Amazon, Azure, Google Cloud) and various models (IaaS, SaaS).
Proficiency with multiple operating systems (Windows, Unix) and a solid understanding of IT governance, including ITIL and COBIT.
Certifications such as CISSP, CISM, GCIH, GIAC, CEH, OSCE, or similar advanced cybersecurity qualifications are essential.
Network & Infrastructure Penetration Testing:

Proficient in testing networks, firewalls, routers, VPNs, and other infrastructure components for vulnerabilities.
Strong experience with external and internal network assessments, exploiting weaknesses such as open ports, unpatched services, misconfigurations, and default credentials.
Web Application Penetration Testing:

Expertise in web application security testing, including SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote File Inclusion (RFI), and other web app vulnerabilities.
Skilled in using web application testing tools such as Burp Suite, OWASP ZAP, and Nessus.
Knowledge of secure coding practices and OWASP Top 10 vulnerabilities.
Mobile Application Penetration Testing:

Experience with testing mobile applications for security issues, including testing Android and iOS apps for vulnerabilities such as insecure data storage, insecure communication, and code injection.
Familiar with tools such as Frida, MobSF, and Burp Suite for Mobile.

Desired candidate profile

Bachelor's degree in Information Security, Computer Science, or Systems Engineering.
Over 10 years of technical experience in Information Security, System Administration, or Network Engineering, with at least 5 years in specialised Information Security roles.
Lead Penetration Testing Projects:

Oversee and manage penetration testing engagements, ensuring all tests are conducted thoroughly, ethically, and within scope.
Identify vulnerabilities in web applications, networks, mobile apps, and other critical systems.
Provide actionable insights and risk assessments based on testing results.
Lead & Mentor Penetration Testing Team:

Guide and mentor junior pen testers and security analysts, reviewing their findings and offering technical support and training.
Ensure team members are following best practices and maintaining high standards of work.
Develop Test Plans and Attack Strategies:

Develop detailed penetration testing methodologies tailored to the unique systems and needs of the client or organization.
Design and execute advanced attack strategies to bypass security defenses and identify vulnerabilities.
Reporting & Remediation Guidance:

Produce comprehensive reports detailing the vulnerabilities found, their severity, and recommended remediation steps.
Provide ongoing support to clients or internal teams in addressing discovered vulnerabilities, ensuring that remediation is effective.
Stay Updated on Security Trends:

Continuously enhance technical expertise by staying up-to-date on the latest cybersecurity threats, attack techniques, and defensive strategies.
Share knowledge and contribute to the development of internal security training programs or tools.
Client Engagement (For Consulting Roles):

Communicate directly with clients to discuss engagement objectives, scope, and findings.
Assist clients in understanding the risk of identified vulnerabilities and providing guidance on how to improve their security posture.