Pentest Engineer

Mô tả Công việc

Pentest Engineer is responsible for identifies vulnerabilities or failures on technical and organizational controls that affect the confidentiality, integrity and availability of ICT products (e.g. systems, hardware, software and services)

- Provide guidance and mentoring to team members in the areas of penetration testing, security

- Conducting penetration testing on various types of systems and networks, including web applications, networks, mobile applications, and cloud environments. Communicate testing results and recommendations to senior management and technical staff

- Learning and developing skills in Penetration Testing (Webapp, Mobile, Cloud, System). Stay up-to-date with the latest security trends, threats, and best practices

- Manage and overseeing projects and resource allocation for penetration testing engagements.

- Collaborate with other teams and departments to improve the overall security posture of the organization

- Perform other duties as requested by superiors.

Yêu Cầu Công Việc

- Education: Bachelor's Degree in Information Security, Cyber Security, Computer Science, or a related field: This type of degree program provides a strong foundation in computer science, information security and engineering concepts and technologies

- Knowledge:

1. Web Application Security: Deep understanding of web application security concepts, including OWASP Top 10 vulnerabilities, web application firewalls, and web application penetration testing.

2. Mobile Application Security: Deep understanding of mobile application security concepts, including mobile platform specific vulnerabilities, mobile device management and mobile application penetration testing.

3. Scripting and Programming: Deep understanding of scripting and programming concepts, including the ability to write and modify scripts and programs for security testing and automation.

4. Exploit Development: Deep understanding of exploit development concepts, including the ability to create, test, and deploy custom exploit code for penetration testing.

- Certificate: Certifications of information security technical such as OSCP, eJPT, eCPPT, eWDP,..

- Professional experience: < 2 years experience working with penetration testing

- Technical Skills: Knowledge of penetration testing skills such as: web application security, mobile application security,…

- Leadership and Communication: Strong leadership, management, and communication skills, ability to lead the development and implementation of security strategies, and manage relationships with internal and external stakeholders.

- Problem-solving: Strong problem-solving skills, able to identify and analyze complex security issues and develop effective solutions.

- Continuous Learning: Ability to stay up-to-date with the latest security trends, threats, and best practices, and continuously improve security posture.