Pen Tester - CERT Team

- - - - - - - - - - - -

KEY EXPECTED ACHIEVEMENTS

Key Responsibilities

1. Penetration Testing (Pentest)

• Conduct "security tests" on applications and systems in compliance with ethical standards and recognized methods.
• Evaluate vulnerabilities and assess their exploitability within the IT ecosystem.

2. Red Team Operations

• Actively participate in Red Team missions commissioned by the Group Security Team.
• Simulate real-world attack scenarios to assess defenses and identify improvement areas.

3. Threat Hunting

• Detect vulnerabilities across the IT landscape and ensure appropriate ticket creation and resolution.
• Continuously identify exploitable bugs and proactively address them.

4. Development

• Develop internal tools (scripts, software, APIs, web services) to enhance operational efficiency.
• Automate repetitive tasks and improve existing workflows using custom scripts or software solutions.

5. Security Expertise

• Provide security consultancy to various projects, supporting internal development teams with vulnerability remediation.
• Offer expertise on web technologies, Active Directory/Windows environments, and network systems security.

6. Collaboration and Coordination

• Collaborate with Global Security teams to deliver training, coaching, and best practices.
• Foster a culture of continuous improvement and proactive defense across teams.

Desired Profile

• Experience: 10-12 years in cybersecurity roles with a strong focus on penetration testing, threat hunting, and tool development.
• Certifications: Relevant certifications like OSCP, CEH, GIAC, or similar credentials are preferred.
• Hands-On Exposure: Experience with web application and AD/Windows environment penetration tests and network intrusion detection.

Technical Skills:

• Penetration Testing Expertise:
  • Hands-on experience with HackTheBox, TryHackMe, or similar platforms.
  • Experience managing Bug Bounty Programs as an Ethical Hacker using relevant tools.
  • Proficiency in Burp Suite and IDA Pro (for reversing).
  • Strong PowerShell scripting and general scripting capabilities.
• Web Development & Security:
  • Understanding of web application development and deployment to simulate attacker perspectives.
  • Expertise in penetration tests on web technologies, Active Directory/Windows environments, and networks.
  • Familiarity with intrusion tests on industrial control systems is a plus.
• Programming & Scripting:
  • Proficiency in languages such as Python, Java, Shell scripting, .NET, and PowerShell.
  • Development experience for building tools, automation scripts, or utilities to improve security testing workflows.
• Network & System Security:
  • Deep understanding of network security principles and systems security.
  • Ability to detect and mitigate vulnerabilities effectively.

Behavioral Competency

• Initiative and Autonomy: Ability to work independently with minimal supervision.
• Curiosity and Innovation: Strong curiosity to explore vulnerabilities and exploit potential bugs.
• Collaboration: Adept at working in cross-functional, international teams and different time zones.
• Communication Skills: Strong ability to articulate technical concepts to stakeholders effectively.

Availability

The role operates on a follow-the-sun model, requiring collaboration with the global Group CERT team. Analysts must operate 3-4 days from the office and be available on a rotation basis for Weekend on call support.