Mid-Level Pentester (m/f/d)
Lisboa (LI) - Lisboa
Business Consulting, Human Resources, Legal or IT
31/10/2024
We are seeking a skilled and motivated Mid-Level or Senior Penetration Tester to join our client's cybersecurity team. The Penetration Tester will play a critical role in identifying, assessing, and exploiting security vulnerabilities in IT systems, networks, and applications. The ideal candidate will have hands-on experience in performing advanced penetration tests, assessing security controls, and providing actionable recommendations to enhance the security posture of the organization.
Key Responsibilities:
1. Conduct Penetration Tests:
o Perform penetration testing on web applications, networks, and systems to identify vulnerabilities.
o Use both manual techniques and automated tools to simulate real-world attacks.
o Identify security weaknesses in system configurations, authentication mechanisms, and access control systems.
2. Vulnerability Identification and Exploitation:
o Perform vulnerability assessments and exploit identified weaknesses to determine the impact and risk level.
o Document findings in a clear and detailed manner, including proof of concepts for exploitation.
3. Reporting and Documentation:
o Prepare comprehensive penetration testing reports, including vulnerabilities, risks, and detailed remediation recommendations.
o Present findings to technical and non-technical stakeholders in a clear and concise manner.
4. Security Advisory and Consulting:
o Provide guidance on remediating vulnerabilities and improving overall security posture.
o Advise development, operations, and security teams on best practices for application and network security.
5. Continuous Improvement and Research:
o Stay up to date on the latest threats, attack vectors, and penetration testing methodologies.
o Research and develop new tools, techniques, and frameworks to improve the penetration testing process.
o Mentor junior members of the security team in penetration testing techniques and security best practices.
Qualifications:
Experience:
o A minimum of 3 years of experience in penetration testing or offensive security roles. (Previous experience in other technical cybersecurity roles can count toward this.)
o Strong knowledge of penetration testing frameworks and methodologies.
Technical Skills:
o Proficient with penetration testing tools such as Burp Suite, Metasploit, Nmap, Nessus, Kali Linux, and Wireshark.
o Experience in manual exploitation techniques beyond automated scanning tools.
o Strong understanding of web application security, network security, and mobile security testing. (Being strong in at least one of these areas is sufficient.)
o Hands-on experience with scripting languages (e.g., Python, Bash, PowerShell) and ability to develop custom testing tools.
o Familiarity with common attack techniques and vectors.
Certifications (not mandatory, but will be valued):
o OSCP (Offensive Security Certified Professional)
o CEH (Certified Ethical Hacker)
o GPEN (GIAC Penetration Tester)
o OSWE (Offensive Security Web Expert)
Soft Skills:
o Strong analytical and problem-solving skills.
o Good verbal and written communication skills - Portuguese and English.
o Ability to work independently or as part of a team.
If this is your profile, please submit your updated CV in English.