The primary responsibility of this position is to conduct security assessments and penetration tests, follow up remediation of identified vulnerabilities, participate in incident response and proactively research future threats.

Main responsibilities

• Perform application penetration testing against corporate and customer software applications
• Conduct vulnerability assessments on Internet-facing systems and internal systems
• Document technical issues identified during security assessments and incidents and write reports
• Follow up on implementation of corrective actions from assessments and incidents
• Research security threats and attack vectors
• Manage network forensics and incident response when assigned
• Perform special security projects on an ad hoc basis

Requirements and Qualifications

• Previous hands-on experience in penetration testing and vulnerability assessment
• Experience in information security and technical aspects thereof
• Experience of web application testing, infrastructure testing, manual testing, code reviews
• Knowledge of web technologies and communication methods
• Familiarity with general application and network security concepts
• Strong organizational skills and detail-oriented
• Strong presentation, written and verbal communication skills
• Self-starter, doesn’t want to be micromanaged
• Excellent team player

Good to have

• Professional certification is an advantage (OSCP, OSCE, GIAC CPEN, CREST CRT, CEH or equivalent)
• Knowledge of information security standards such as ISO27001, PCI DSS, GDPR
• Experience with systems development, systems administration and/or network administration
• University degree from an accredited college or university, or equivalent
• Previous Experience in Responsible Disclosure & Bug Bounties