Penetration Tester

Malcrove

As a Penetration Tester you will perform security vulnerability assessments on customers core IT assets. With your expertise you will assess, identify, research and exploit vulnerabilities on application environments and underlying infrastructure. You will perform penetration and vulnerability tests with a grey box approach to give the client a birds eye view of the technical security gaps that can be exploited by hackers. Your technical activities are extended with documenting your findings and creating recommendations for improved infrastructure and application security.

Having insight in latest infra and web application scanning methodologies and tools like Tenables Nessus and Accunetix make you the ideal candidate that can be involved in performing network-based and web application security assessments. You are capable in developing own testing scripts and procedures and are familiar with OWASP, payload analysis and exploit development.

• Understanding and familiarity with common penetration testing methods and standards;
• Experience in executing network infrastructure penetration test assignments;
• Experience in executing web application penetration test assignments;
• Experience in vulnerability research or reverse engineering;
• Experience with OllyDbg or WinDbg, IDA Pro, and BinDiff;
• Exploit development with C, Java or shellcode preferred;
• Excellent knowledge of Operating Systems like Windows, Linux, Solaris, OS X;
• Familiarity with web Server and Application Software: IIS, Apache, WebLogic, WebSphere, Tomcat;
• In depth knowledge of HTTP proxy tools such as Burp, Charles, Fiddler;
• Good understanding of Web technologies such as XML, SOAP, AJAX;
• Experience with application scanning tools like Websecurify (is a pre), IBM s AppScan, HPs WebInspect, Acunetix and Netsparker;
• Experience with network vulnerability scanning tools like Tenables Nessus.