Divoro — вакансії

We are looking for Senior Penetration Tester to join our team. As a Senior Penetration Tester, your primary responsibility will be to conduct advanced security assessments and penetration testing engagements to identify vulnerabilities and weaknesses in the organization's infrastructure, applications, and systems. Your role will also involve creating comprehensive reports and recommending appropriate remediation measures to mitigate identified risks.

Your responsibilities will be:

• Conduct comprehensive penetration tests on systems, networks, and applications to identify vulnerabilities, weaknesses, and potential security risks. Utilize various tools, techniques, and methodologies to simulate real-world attacks and gain unauthorized access to systems for testing purposes.
• Perform vulnerability assessments to identify and categorize vulnerabilities in systems and applications. Use scanning tools and manual techniques to discover known security weaknesses and misconfigurations.
• Exploit identified vulnerabilities to gain unauthorized access and evaluate the potential impact of a successful attack. Conduct further investigations to determine the extent of the compromise, potential data exfiltration, and potential lateral movement within the network.
• Document and communicate the findings, vulnerabilities, and recommended remediation measures in a clear and concise report. Provide stakeholders with detailed technical descriptions, risk ratings, and mitigation strategies, including technical teams and management.
• Advise stakeholders on security best practices, potential risks, and recommended security controls. Collaborate with system administrators, developers, and other stakeholders to assist in implementing necessary security measures.
• Stay current with security vulnerabilities, attack techniques, and industry trends. Continuously enhance your knowledge and skills by conducting research, participating in relevant communities, and attending training or conferences.
• Work collaboratively with cross-functional teams to ensure effective communication and coordination during penetration testing engagements. Clearly communicate technical concepts, risks, and mitigation strategies to technical and non-technical stakeholders.
• Stay informed about relevant compliance requirements and industry standards (e.g., PCI DSS, HIPAA, ISO 27001). Ensure that penetration testing activities align with these standards and regulatory frameworks.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Proven experience conducting penetration testing engagements, including network, web application, and wireless assessments.
• Strong understanding of networking protocols, operating systems, and web technologies.
• Familiarity with penetration testing tools like Metasploit, Burp Suite, Nmap, Wireshark, etc.
• Knowledge of scripting languages (e.g., Python, PowerShell, Bash) for automation and custom tool development.
• Excellent verbal and written English skills.
• Analytical and problem-solving skills, with the ability to identify and exploit vulnerabilities effectively.
• Great written and verbal communication skills to convey technical concepts and findings to stakeholders.
• Familiarity with compliance standards (e.g., PCI DSS, HIPAA, ISO 27001) and industry regulations is beneficial.
• Strong ethical standards and adherence to professional conduct in handling sensitive information and conducting penetration tests.
• Ability to work both independently and collaboratively in a team environment.
• Continuous learning mindset to keep up with emerging security threats, vulnerabilities, and mitigation techniques.