We’ve noticed that:

  • For security specialists is so difficult to find a job that allows to put their skills to the test and always find & learn the latest things from the industry
  • For companies is always a challenge to find reliable security professionals to hire or simply to collaborate project based

Two years ago we have created a place where we can announce latest positions available from our trusted partners.

Discover Who is Hiring at DefCamp 2018

Discover Who Hired in 2016.

Discover Who Hired in 2017.

Orange

What the team does:

We are a small security team offering security services to most of the countries/entities across the Orange Group. We have both attack (like pentesting) and defense (like DevSecOps) activities and we also do research.

If we would be a word cloud, it would sound something like: Kali, Burp, Python, HackRF, OpenStack, Docker, Kubernetes, OWASP, Ruby, appsec, REST, open source.

What you would be doing:

First and foremost, pentesting. You would be involved in all our pentest engagements, from kick-off to the report. Our targets are quite varied, you can have from small web apps to entire payment platforms, IoT devices and XaaS platforms.

When you won’t be pentesting you’ll mostly be doing other kinds of security assessments, like vulnerability scans or configuration audits. You will also help other teams with advice on how to best secure their systems and probably, if you’re up to it, you’ll also work on developing our arsenal by writing our own tools that match our environment.

What you need:

Essential:

  • Curiosity, a hacker mindset
  • A deep understanding of the TCP/IP stack and of how (at least) web applications work
  • Experience with pentesting and/or vulnerability research,
  • The ability of working your way in an almost 100% *NIX environment
  • People skills. There’s little use in popping a shell if you can’t explain why that’s bad and how to fix it
  • The necessary skills to write your scripts/tools to automate your work

Great to have:

  • Full stack development understanding and skills
  • One or more of the following certifications: OSCP, GPEN, GWAPT, C|EH (OSCP would be great though)
  • IoT-related skills

You can read more here.

Orange Services’ Infrastructure Technology Engineering team supports countries to develop their infrastructures, including shared solutions. It also serves growing demands of expertise from Orange countries.

You will be part of a young and dynamic organization together with infrastructure architects, network engineers, system engineers and project managers.

Who you are:

  • You are able to work comfortably in a fast-changing environment on interesting technical  challenges
  • You will be prepared to assimilate new technologies
  • You have a passion for efficiency, performance and continuous improvement
  • You are all about sharing and collaboration with your teammates

What you will be doing:

  • Qualify, deploy and support  opensource Cloud components such as Openstack
  • Get involved in opensource communities related to cloud and cloud native technologies
  • Maintain the relationship between Engineering team and Operational teams and ensure proper communication between the teams (act as L3 between Operations and Development)
  • Work with the Operations team to ensure that a high level of customer service and support is provided
  • Ensure proper transfer of knowledge to operational teams by delivering technical trainings, workshops and audits
  • Test and apply fixes for issues in opensource cloud components used by Orange
  • Create documentation for the usage and integration of opensource cloud components
  • Build the necessary operational procedure documents to ensure the Operations team has a high degree of autonomy

What you bring:

  • At least 3 years of experience in infrastructure engineering operations or design
  • Proven skills in networks and security (Routing and switching)
  • Good knowledge of virtualization, containerization and cloud concepts
  • Knowledge of Automation tools (Ansible, Puppet, Chef, etc)
  • Knowledge of web security with a good understanding of protocols and services like TCP/IP, HTTP/S, SSL/TLS, DNS, DHCP, LDAP, Load balancing
  • IT design & processes would be appreciated
  • Advanced Linux administration skills including network & software knowledge
  • Experience with storage and monitoring is a plus
  • English language : fluent spoken and written

You can apply here!

SecureWorks

Secureworks (SCWX-NASDAQ) is a global leader in intelligence-driven information security solutions. Consistently recognized by industry analysts and readers’ polls, we are one of the best in the world at understanding and anticipating threat behavior. Join a talented, dedicated, and diverse team of security researchers, analysts, engineers, and consultants who are focused 100% on protecting our clients from cyber threats. We seek out the brightest minds and empower our teams with the tools and support they need to fight the bad guys, and maintain our company’s leadership in the cyber security industry.

As a proud part of the Dell Technologies family, we enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.

Careers at SecureWorks

If you like who we are, what we do, and how we run our security business, consider joining the team that is collectively smarter. In our Security Centre of Excellence you’ll regularly find a variety of opportunities for all career levels: Junior Specialists – with the possibility to join our Cyber Academy or Trainee Program, Senior Professionals, Management, Consultancy, Project and Program Management. You can find more on our Career Page: https://www.secureworks.com/careers

If you are eager to pursue a career in cyber security – and not just find a job – consider joining the team that is Collectively Smarter.  Together, we help our clients to be Exponentially Safer.

  • Transition and Transformation Consultant
  • Information Security Team Lead
  • Endpoint Platform Senior Engineer
  • Cloud & Security Analytics Sr. Platform Engineer
  • Data Loss Prevention Senior Engineer
  • Senior Security Systems Firewall Administrator
  • Identity and Access Management Specialist
  • Business Intelligence Senior Adviser
  • Application Security Consultant
  • Information Security Risk Management Senior Adviser
  • Network Security Senior Engineer

Secureworks, a Dell Technologies company, is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, colour, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.

Key Responsibilities

The Program Manager oversees and coordinates the information security services that SecureWorks provides to the client. The PM is a trusted information security partner with the client and works collaboratively to understand, anticipate and recommend risk mitigation while promoting the overall information security protection for the clients information assets. In this role, the PM works with stakeholders and teams across the organization to help deliver information security services.

Role Responsibilities

  • Ensuring the delivery of information security services to the client is in compliance with the contract and is in compliance with any applicable standards and regulatory requirements (e.g., PCI, HIPAA)
  • Perform client account management (communications, site visits, monthly & Quarterly Governance, etc.)
  • Lead cross-functional program teams in security remediation planning and execution of security programs by planning and tracking of tasks, schedules, resources and dependencies- facilitate & drive project meetings
  • Participating with the client in the definition and implementation of information security policies, strategies, procedures and settings to ensure confidentiality, integrity and availability of clients environment and data
  • Participating with the client in the strategic design process to translate security and business requirements into processes and systems; evaluating new / emerging security products and technologies and making recommendations to customer leadership in regards to the security posture impact on the organization
  • Identifying, reviewing and recommending information security improvements as they relate to the achievement of the clients business goals and objectives
  • Participating in internal and external audits for the client (e.g., SOX, PCI) and coordinating information security services activities
  • Managing and driving remediation efforts related to information security; remediation may be from incidents, penetration tests, vulnerability scans, internal/external audits and Critical Practice assessments
  • Identifying information security weaknesses and/or gaps in the clients current operations and working with the client to bring information security operations up to standards
  • Participating and representing information security in delivery / operational meetings; conducting an information security operational review meeting with account (e.g., Client Delivery Executive) and client (e.g., CISO) key stakeholders with topics including information security status and performance
  • Reviewing service management reports to ensure tickets (i.e., incidents, problems, requests, changes), related to information security, are being acknowledged, worked and Service Level Agreements are being met; providing direction on ticket remediation and ensuring remediation is complete
  • Conducting an ongoing security awareness program for Dell personnel supporting the client ensuring individuals understand and are compliant with the relevant information security obligations in support of the client; program should address relevant security topics and adequately provide guidance on security policies and supporting documentation
  • Cultivating trusted partner relationships with account and client; keeping consistent and open dialogue to uncover issues, challenges, risks
    Maintaining an information security strategy (forward looking roadmap), for your client, aligning services / portfolio components to the strategy

Essential Requirements

  • Minimum of 5 years of related experience as a Program Manager or Service Delivery Manager in a technology focused Enterprise environment
  • Minimum of 2 years of experience managing cyber security projects
  • Minimum of 4 years experience in managing medium size teams (40-50 people)
  • Knowledge of end-point security architecture and protection strategies. Can include hands-on experience overseeing/managing common end-point security technologies (i.e., AV, Encryption,
  • Spam/Spyware, Personal Firewalls, as well as other protection capabilities such as GPO management and mobile security strategies).
  • Client relationship management experience at the senior level
  • Ability to manage and prioritize multiple tasks and projects and assist/advise support engineers in establishing appropriate priorities
  • Experience with information security analysis (SOC L1-L2-L3 operations) and the overall IR flow
  • Strong oral and written communications
  • At least one of the following certifications: CISSP, CISM

Key Responsibilities

The SIEM Platform Manager will be expected to leverage Splunk, QRadar, ArcSight in order for:

  • Standard Log Sources On-Boarding, by taking part in the planning, testing and implementation of the new device or host deployment projects and providing the SIEM requirements for its successful on-boarding
  • New Log Source Type On-Boarding Projects, by providing assistance on onboarding new appliances/servers into the SIEM platform, providing requirements and verifying that the on-boarding has been done successfully
  • Configuration Back-up, by creating an automatic back-up task or on demand based on an agreed schedule with the Customer and performing weekly reviews of the back-up mechanisms
  • Maintaining the SIEM platform up to date by downloading, testing and performing platform updates
  • Third party Security Feed testing and integration
  • Risk/Compliance statistical reports of the current logging status for the whole environment, or for specific groups or departments.
  • Creating and implementing SIEM data retention policy, based on Customer requirements
  • Expanding the SIEM Infrastructure, by providing the required change details in a timely manner to the Customer
  • Integrate the SIEM platform with 3rd party technologies, when applicable (e.g. Tripwire)
  • Threat Use Case Planning, by identifying the threat use cases that are of upmost importance to the organization by means of reviewing Enterprise risk management, cyber risk assessment reports and 3rd party Security feeds
  • Threat Use Case Design, which will include an understanding of attacks through attack trees, recognizing threats via indicators, and the gathering of intelligence for research and planning purposes
  • Threat Use Case Builds, by specifying an alert description, criticality, applicable log sources, log events and thresholds for the alert, response phases and objectives and the alert workflow
  • Correlated SIEM rule proposal and subsequent creation, based on identified threat use cases
  • Threat Use Case documentation and hands-on training on proposed correlated rules
  • Interfacing with the SIEM vendor, for the purposes of support case management
  • Working Schedule is 12 hours shifts by rotation.

Essential Requirements

  • 5+ years of experience in cyber security
  • Previous experience with Splunk, QRadar, ArcSight administration and content development
  • University education, degree in Computer Science, Information Systems, or Network and Security
  • Detailed knowledge of security technologies and trends.
  • Desirable Requirements
  • Possess active industry certifications such as Comptia Security+, SSCP, GCIH, GCIA or related
  • Working knowledge/experience of network systems security principles and applications
  • Fundamental understanding of defense strategies.

Key Responsibilities

This Vulnerability Scanning and Remediation Senior Engineer position is part of a team who delivers world-class compliance and security-focused solutions to Secureworks Vulnerability Management customers. The Engineer will work with the Vulnerability Management Engineering Team and the top enterprise client within that service offering to act as a technical point of contact for their Vulnerability Management services.

You should be knowledgeable of vulnerability management tools and processes, and demonstrate the ability to communicate clearly and appropriately with clients. Applicant should understand penetration testing methodology and be able to communicate pen testing findings to managers and network administrators.

Responsible for understanding, reviewing, and interpreting Dell Secureworks assessment and scanning results, reducing false positive findings, and acting as a trusted security advisor to the client locally
Responsible for working with DSWs VMS Dedicated Team Architect to assist with understanding threat data and vulnerabilities found on clients network
Learn and adapt to clients culture, security strategies, security goals, security objectives, and security capabilities
Maintain knowledge of outstanding vulnerability management issues as it pertains to the Clients SW Vulnerability Management Service and communicate updates to Client as appropriate
Collaborate with program management and Client teams to create both tactical and strategic plans(establish and communicate a clear vision and ensure short term issues do not overtake strategic goals)
Serve as an escalation point for all local Client technical issues requiring support within the – Vulnerability Management offering
Providing Vulnerability Assessment Scanning and guidance, False Positive Validation, Attestation Signing, Compliance Scanning and policy creation using the QualysGuard Policy Compliance Suite and Web Application Scanning using the Qualys WAS Suite

Essential Requirements

– 3+ years of experience in a technical security support role
– Strong network engineering experience with Linux/Unix, – Windows, and network infrastructure administration
– Experience with Vulnerability Management platforms such as Qualys, Tennable Nessus, Rapid7 Nexpose, Tripwire, Mcafee
– Experience with network and application security testing tools and scripting languages map, Paros, Perl and Python
– Provide guidance and support for Vulnerability remediation scenarios
– Strong technical, analytical, and interpersonal skills; ability to interact with stakeholders like customer support or executive leadership teams, vendors, etc.

Desirable Requirements
– QualysGuard Certified Specialist
– Bachelor in Computer Science or another relevant technical field
– One or more of the following certifications: CISSP, QSA GPEN, GCIH, CEH, ECSA
– Perform manual validation of findings using tools like OpenSSL, ikescan, Burp, etc.
– Provide technical authority, vision, documentation of operational procedures and guidance to ensure the continued evolution of Secureworks Managed Vulnerability offerings

Intralinks

Cryptography Engineer

JOB TITLE:  Cryptography Engineer
LOCATION: Bucharest
OVERVIEW:
As critical member of the team be the cryptography engineering expert for the R&D organization and the company.
Drive innovation in applying cryptography while implementing architecture blueprint for Intralinks platform. Investigate and apply blockchain technologies to core capabilities, IAM and other important components of the platform.

Essential Functions

  • Principal Engineer to Drive cryptography innovation
  • Be the subject matter expert of public key cryptography for engineering teams
  • POC blockchain technologies tailored to platform needs and document recommendations
  • Design and implement smart contracts-based Virtual data room lifecycle, access control and other applicable feature/functionality.

Qualifications

  • Expert knowledge of public key cryptography and digital certificate formats and lifecycle
  • Expert level knowledge of crypto primitives and symmetric cryptography
  • 1-5 years of experience in cryptography engineering
  • 5-10 years engineering experience desired
  • Working knowledge of cryptography implementations on windows and linux platforms
  • Knowledge of contract-oriented programming languages (Solidity, Serpent, Kotlin or similar)
  • Good written communication skills, proven ability to produce technical documentation
  • Specific experience in decentralized applications highly desired

A definite plus

  • Working knowledge of coding (at least one of Java, C++, scripting languages
  • Knowledge of blockchain principles and implementations
  • Expert level knowledge of NIST guidelines on cryptography
  • Commercial experience of coding with Solidity, Serpent, Kotlin or similar.
  • Understanding of decentralized applications, consensue protocols and smart contracts

Education

  • Good to have Bachelor’s degree in math, engineering or related discipline

Travel

  • no more than 5%

From the Hiring Manager

We live and breathe data confidentiality and integrity. We want to add cryptographic non-repudiation to all activity of our platform. Join the small team of professionals tasked with creating technologies to protect valuable, market-moving data.
Work on implementation of key management systems, secrets management and applying state of the art technologies to business process automation. Create new art in fintech working with new technologies and most demanding customers.

Apply here

CrowdStrike


CrowdStrike is a leading provider of next-generation endpoint protection, threat intelligence, and pre- and post-incident response services. We are the fastest growing endpoint protection company, one of the World’s Most 50 Innovative Companies according to MIT, and one of Forbes Most Promising Companies. Our growth and innovation are driven by incredible employees who deliver unmatched customer success. The CrowdStrike Falcon platform uses sophisticated signature-less artificial intelligence/machine learning and Indicator-of-Attack (IOA) based threat prevention to stop known and unknown threats.

 CrowdStrike Accomplishments:

  • January 2018: Awarded #1 in the Visionaries quadrant of the 2018 Gartner Magic Quadrant for Endpoint Protection Platforms.
  • February 2018: Great Place to Work

Job purpose

Are you passionate about cybersecurity? Join our Security Response Team from Romania and you will focus on improving the detection capability and efficiency for the Falcon Host platform through tactical analysis of ongoing attacks by investigating petabytes of data.

 You will:

  • Review and develop detections that adhere to company performance and security standards
  • Analyze files and behavioral activity to determine if they are legitimate or malicious.
  • Contribute to active mitigation efforts and support incident response engagement with technical expertise.
  • Analyze and track ongoing criminal campaigns targeting CrowdStrike customers.
  • Develop tools to assist with automation of analysis tasks and tracking of threat actors.

What we need:

  • Sound understanding of current and emerging threats and ability to demonstrate practical knowledge of security research
  • Experience working with and manipulating large data sets (i.e. billions of events per day).
  • Experience in a security operations center or similar environment tracking threat actors and responding to incidents.
  • Fundamental understanding of attributes of binary files on multiple operating systems (Windows, MacOS, Linux)
  • Knowledge of programming and scripting languages, in particular Python.

Bonus points awarded for:

  • Good understanding of Windows OS internals and the Windows API.
  • Familiarity with tools used in targeted and criminal intrusions.
  • A background in exploit and vulnerability analysis is a plus.
  • Knowledge of a variety of programming languages including C, C++, Java, and Assembly.
  • General understanding of threat/risk management and threat/risk assessment.
  • Experience with malware analysis tools and reverse engineering (with IDA Pro)
  • Knowledge of machine learning, and labelling applied to malware classification
  • Experience with the following tools: Windows Debuggers (Ollydbg, WinDbg), Wireshark
  • BA/BS or MA/MS degree or equivalent experience in Computer Science, Information Security, or a related field

What we offer:

  • Competitive salary
  • Stock options
  • Private Healthcare insurance
  • Life insurance
  • Training budget
  • Flexible time off
  • Team hangouts

WHY US?

  • Dynamic company with opportunities to expand skills and cross train in new areas.
  • Ability to make an impact, both with customers and fellow team members.
  • High visibility engagements and company name enable accelerated career growth potential.
  • Agile team eliminates bureaucracy and provides flexibility to make immediate improvements.
  • Immediate mentorship and leadership opportunities.
  • Work with like-minded, driven, and smart team members who will challenge you daily.
  • Google invested in us, shouldn’t you?

CrowdStrike is an Equal Opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law. 

Siemens

 If you really want to make a difference – make it with us

Your new role – challenging and future –oriented

• You will evaluate security technologies for protecting products, solutions, and infrastructures
• You will develop and implement innovative security mechanisms for industrial environments
• You will support the setup and commissioning of the implemented security mechanisms
• You will use your knowhow to bridge the gap between legacy industrial systems and new security technologies

Your Qualifications – Solid and Appropriate

• You are interested in testing and prototyping state-of-the-art and beyond security technologies
• C/C++, Bash, Python, Buildroot
• You have successfully majored in a computer science or electrical engineering
• You have distinct knowledge of communication, information, and security technologies
• You are familiar with usage and administration of operating systems (Linux, Windows)
• You have experience with application whitelisting technologies and related Windows 10 security features like Device Guard and Exploit Guard to protect against malware.
• You have proven skills in software development,
ideally also for embedded systems or the Linux kernel
• You are diligent and accurate in performing tasks
• You have an excellent proficiency in English and (ideally) German

Your new role – challenging and future –oriented

• Assess enterprise applications with tool-based and manual penetration testing methods (Web Technologies, Rich Clients, SAP, Networks, protocols)
• Find new vulnerabilities in business applications and prove their relevance with exploits
• Write client reports that detail: approaches for exploiting vulnerabilities, risk evaluation and mitigation suggestions
• Explain vulnerabilities and their impact to technical experts, as well as management personnel
• Perform root-cause analysis and lessons learned with developers and architects to improve security sustainably

Your Qualifications – Solid and Appropriate

• Master’s degree in Computer Science/Information Technology/IT Security
• Minimum 3 to 5 years experience in hands-on penetration testing or red team engagement, current attack methods and tools
• Review and ensure the secure configuration of different operating systems, network and mobile devices
• Experience in analyzing rich clients using debugging, API hooking, fuzzing, etc.
• Proficiency in programming languages such as C/C++, Java, .NET, Python as well as source code review
• Experience in SAP ABAP/Java Stack
• Ability to understand, find, verify and explain security vulnerabilities
• Fluent in spoken and written English, including security terminology

Your new role – challenging and future –oriented

• Develop new features to further extend a security testing framework at Siemens
• Work on software development tasks covering both, Creation of optimal solutions to refine a security testing framework – focus on performance and accuracy
• Create solutions that are designed in a way to be modular and easy to maintain – focus on code quality
• Technology stack: Python 3, Python Flask, Jinja2, SQLAlchemy, Bootstrap, SQLite, PostgreSQL, Ubuntu Linux, Nmap

Your Qualifications – Solid and Appropriate

• Master’s degree in Computer Science/Information Technology;
specialization in IT Security a plus
• Minimum 3 Experience in Python 3 development and system
administration
• Experience in Python 3 development and system administration
• IT security background, such as secure coding, secure IT operations, penetration testing or IT security consulting

EA

Senior Security Operations Specialist

The role will be part of Security Operations department, acting as the last level of escalation for investigating security incidents. The role will ensure the security alerts/incidents escalated from L2 will be deep analyzed, provide a resolution, identify root cause and propose measures to prevent further occurrence. Also the role will be responsible in ensuring intelligence data is gathered and corrective actions are taken to minimize further occurrence.

• Act as the ultimate escalation point for L1/L2 analyst. The L3 analyst will ensure that effective escalation to wider EA Security teams takes place as necessary.
• Act as analyst SME for security tools deployed across organization.
• Provide in depth analysis of security alerts and where necessary make recommendations to the Incident Response team to improve EA security posture.
• Review L1/L2 activities and actively provide feedback and support.
• Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
• Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
• Assist in the construction of signatures which can be implemented on cyber defense tools in response to new or observed threats
• Partner with security teams to provide guidance and support in implementing new projects.
• Participate in global security or IT projects ensuring security operations objectives are met.
• Periodically review the incident response process and propose improvements.
• Identify and monitor relevant operational metrics.
• Experience teaching and mentoring others in technical and analytical skills.
• Broad knowledge of operational and security processes/controls (e.g., vulnerability management, patch management, configuration management, access management, etc.)

Experience and skills:

• Minimum 3 years of experience in similar roles
• Deep knowledge of security operations tools – SIEM, endpoint security tools, Intrusion detection
• Good understanding of security processes and SOC activities
• Experience with threat assessment, vulnerability analysis, risk assessment, information gathering, correlating and reporting
• Experience conducting malware analysis
• Knowledge of computer forensic best practices and industry standard methodologies for acquiring and handling of digital evidence, required.
• Strong analytical, communication and problem-solving skills, required
• Ability to self-learn and maintain a strong proficiency in technical tools, countermeasures and techniques.
• Ability to identify both tactical and strategic solutions.
• Ability to work independently and in a cross functional team.

TAD Group

Penetration Tester

We are looking for a highly motivated penetration tester to help continue raising the bar on cybersecurity. 

Are you a white hat hacker who enjoys hard challenges and out-of-the-box thinking? Have you used famous tools to gather information about a network or tested the network security posture? Our analysts possess the ability to evaluate operating systems, network protocols, network configurations, and network architectures for vulnerabilities.

We are looking for the following experience:
• Knowledge of Windows/Unix systems administration and security vulnerabilities
• Understanding of and the ability to perform penetration testing
• Understanding of and the ability to perform both web application and network testing
• Understanding of penetration testing tools and techniques

We would love to hear about your skills and your experience, as well as any questions you might have.

Only shortlisted candidates will be contacted!

UiPath

Senior Penetration Tester

UiPath is looking for a Penetration Tester to help and grow the security related operations within the fast-growing product teams across the company. This is a deeply technical role which implies developing and applying formal security centric assessments against existing and in-development UiPath products and features. The Pen Tester will analyze product functional and security requirements and use state of the art testing tools, or develop new tools, as needed, to assess the security level provided. The Penetration Tester will work with Security Engineers, together with stakeholders, and is responsible of detailing and executing the testing plans and strategies, while also building clear and concise final reports.

A successful Penetration Tester at UiPath is a self-starter, with strong analytical and problem-solving skills. Ability to maneuver in a fast-paced environment is critical, as well as handling ambiguity coupled with a deep understanding of various security threats. As a true owner of security in UiPath, great writing skills are needed, coupled with the ability to interact with stakeholders across multiple departments and teams. The Senior Penetration Tester acts as a mentor for technical peers and can transpose testing strategies and results in high level non-technical language.

Job responsibilities:

  • Penetration testing & vulnerability research
  • Recommendation of threat mitigations
  • Produce high quality penetration testing reports
  • Projects and research work as needed
  • Security training and outreach to internal development teams
  • Security guidance documentation
  • Security tool development
  • Security metrics delivery and improvements
  • Assistance with recruiting activities

Skills:

  • BS in Computer Science or related field, or equivalent work experience
  • Minimum of 5 years of experience with vulnerability testing and auditing techniques
  • Advanced knowledge and understanding of security engineering, authentication and security protocols, cryptography, and application security
  • Ability to produce clear and concise reports

Nice to Have

  • Good knowledge of sytem and network security
  • Experience using various penetration testing tools (such as, BurpSuite, Metasploit, Nessus, etc.)
  • Experience with reverse engineering
  • Demonstrable teamwork skills and resourcefulness
  • Ability to make concrete progress in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)

Sponsors & Partners

They help us make this conference possible.

Stay Updated - Join Our Newsletter