We are looking for a skilled Vulnerability Assessment & Penetration Testing Engineer to join our cybersecurity team. The ideal candidate will be responsible for identifying, analyzing, and mitigating security vulnerabilities in our systems and applications.
Key Responsibilities:
Vulnerability Assessment: Conduct regular vulnerability assessments on network infrastructure, applications, and systems.
Security testing: good understanding of the static application security testing SAST, dynamic application security testing DAST, source code testing, OWASP top 10 risks.
Penetration Testing: Perform penetration testing to identify security weaknesses and potential exploits.
Software Development: good knowledge of software development life cycle, technologies, web applications, mobile applications, APIs, Agile, DevOps methodologies and CI/CD pipelines.
Risk Analysis: Analyze and prioritize vulnerabilities based on risk and impact to the organization.
Reporting: Document and report findings, providing detailed recommendations for remediation.
Remediation Support: Work with IT and development teams to implement security improvements and mitigate identified vulnerabilities.
Security Tools: Utilize various security tools and methodologies to conduct assessments and tests.
Compliance: Ensure compliance with industry standards and regulatory requirements.
Continuous Improvement: Stay updated with the latest security trends, tools, and techniques to continuously improve the security posture of the organization.
Qualifications:
Education: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
Experience: 2+ years of experience in vulnerability assessment and penetration testing.
Certifications: Relevant certifications such as OSCP, CEH, or equivalent are preferred.
Technical Skills:
Proficiency with vulnerability assessment tools (e.g., Tenable Nessus, OpenVAS).
Experience with penetration testing tools (e.g., Metasploit, Burp Suite).
Strong understanding of network protocols, operating systems, and security architectures.
Knowledge of scripting languages (e.g., Python, Bash, PowerShell) for automation of tasks.
Familiarity with regulatory standards and frameworks (e.g., ISO 27001, NIST, PCI-DSS).
Soft Skills:
Strong analytical and problem-solving skills.
Excellent communication and report-writing abilities.
Ability to work independently and as part of a team.
Attention to detail and ability to manage multiple tasks simultaneously.
Feel free to adjust this template to better suit your specific requirements or organizational needs! If you need any further assistance, just let me know.