Penetration Tester

Chuo City, Japan


About TableCheck Inc.

TableCheck is a leading restaurant management platform that helps restaurants optimize their operations and enhance guest experiences. As we continue to grow and handle sensitive customer and business data, we are committed to maintaining the highest standards of security and compliance.

Position Overview

We are seeking an experienced Penetration Tester to conduct comprehensive security assessments of our web applications and cloud infrastructure. This role is critical in ensuring our compliance with ISO27001 and SOC2 standards while identifying and helping remediate security vulnerabilities before they can be exploited.

The ideal candidate will have extensive experience in web application penetration testing, particularly in large-scale environments, and the ability to communicate complex technical findings to both technical and non-technical stakeholders.

Key Responsibilities

Technical Responsibilities

  • Conduct comprehensive penetration tests on web applications, APIs, and cloud infrastructure
  • Perform security assessments following OWASP Testing Guide and PTES methodologies
  • Identify and exploit vulnerabilities in accordance with the OWASP Top 10
  • Execute both automated and manual testing techniques
  • Develop proof-of-concept exploits to demonstrate vulnerability impact
  • Assess AWS cloud environment security configurations
  • Perform post-exploitation activities including privilege escalation and lateral movement
  • Validate remediation efforts through retesting

Compliance & Reporting

  • Ensure penetration testing meets ISO27001, SOC2, and other compliance requirements
  • Produce comprehensive technical reports with CVSS scoring
  • Create executive summaries that translate technical risks into business impact
  • Provide attestation letters for compliance purposes

Communication & Collaboration

  • Present findings to technical teams and management
  • Provide clear, actionable remediation guidance
  • Collaborate with development teams to understand application architecture

Required Qualifications

Experience

  • 3+ years of hands-on penetration testing experience
  • Proven track record of conducting web application penetration tests on large, complex environments
  • Demonstrated experience with enterprise-scale assessments
  • Prior experience with compliance-driven penetration testing (ISO27001, SOC2, and/or PCI-DSS) is preferred

Technical Skills

  • Expert proficiency with web penetration testing tools including but not limited to:
    • Burp Suite Professional
    • OWASP ZAP
    • Nmap
    • Metasploit Framework
    • SQLMap
    • Custom scripting tools
  • Deep understanding of the OWASP Top 10 vulnerabilities and testing methodologies
  • Comprehensive knowledge of PTES (Penetration Testing Execution Standard) technical guidelines
  • Strong understanding of web technologies: HTTP/HTTPS, REST APIs, JavaScript, SQL, etc.
  • Experience with AWS environments including:
    • EC2, S3, RDS, Lambda
    • IAM policies and roles
    • VPC and network security
    • AWS-specific attack vectors
  • Proficiency in scripting languages (Python, Bash, PowerShell, etc.)
  • Knowledge of common web frameworks and their security implications

Professional Certifications (Required)

Must hold at least ONE mid-level or senior-level penetration testing certification:

Note: Junior certifications (CEH, Security+, PenTest+, etc.) alone are NOT sufficient for this role.

Communication Skills

  • Excellent technical writing skills in English for detailed pentest reports
  • Outstanding non-technical writing abilities for executive summaries and business communications
  • Proven ability to translate complex technical vulnerabilities into business risk language
  • Strong documentation skills for creating testing methodologies and procedures

Compliance Knowledge

  • Understanding of penetration testing requirements within:
    • ISO/IEC 27001:2023 framework
    • SOC2 Type I/II criteria
    • PCI-DSS requirements (preferred)
  • Experience providing compliance attestation and evidence
  • Knowledge of regulatory requirements affecting security testing

Preferred Qualifications

Language Skills

  • Japanese language proficiency is not required, but is very welcome

Additional Technical Skills

  • Knowledge of container penetration testing (Docker, Kubernetes)
  • Experience with infrastructure as code (Terraform)

Additional Certifications (Nice to Have)

  • OSWE (Offensive Security Web Expert)

Region: Asia/Pacific
Country: Japan
