- Conduct formal testing on computer systems
- Assess the security of computer software and hardware
- Conduct security audits and legal cyberattack simulations by designing and utilizing hacking tools to access designated pieces of data during a predetermined time frame
- Generate tools for breaking into security systems
- Detect and correct system weaknesses
- Provide recommendations based on an assessment of hardware and software systems
- Implement solutions to enhance data security
- Provide IT support
- Planning, implementing, managing, monitoring, and upgrading security measures for the protection of the organization's data, systems, and networks.
- Troubleshooting security and network problems.
- Responding to all system and/or network security breaches.
- Ensuring that the organization's data and infrastructure are protected by enabling the appropriate security controls.
- Participating in the change management process.
- Testing and identifying network and system vulnerabilities.
- Daily administrative tasks, reporting, and communication with the relevant departments in the organization.

Requirements
- Good knowledge of tools used for web application penetration testing.
- Good knowledge of tools used for network penetration testing.
- Experience conducting advanced penetration testing exercises (Web applications, Mobile Applications, APIs and Network)
- Developing, extending, or modifying exploits, shellcode or exploit tools.
- Vulnerability assessment / Security assessment tools
- Familiarity with public security standards and testing methodologies: OWASP Top 10 for Mobile, Web and API, OWASP Application Security Verification Standard (ASVS), MITRE ATT&CK, etc.
- Proficiency with one or more programming languages: Java, ASP.NET, PHP, C/C++, Python, Go, etc.
- Experience in developing cybersecurity testing tools and in exploit development
- Industry certifications preferred (e.g., GPEN, GWAPT, OSCP, OSWE, eWPTX, etc.) (not required)