Connected Product Penetration Tester

Position Title: Connected Product Penetration Tester

For a Client Specializing in Security Testing

Company Reporting to the Cybersecurity Director

Location: Bologna, Italy / Hybrid (only eligible to work in EU)

Who we are

Pro CISO® is an elite Cybersecurity company, specialized in strategic advisory and managed security services. Founded in February 2021, Pro CISO® is led by management with a track record of over 25 years of experience in securing complex digital environments across the globe, in very diverse industries such as Telco, ISP, Healthcare, Manufacturing, Insurance.

We rely on a selected team of certified cybersecurity experts, with deep knowledge and hands-on experience in their domains, to provide immediate practical benefits to our Customers.

Pro CISO® is known for providing quick, smart and cost-effective cybersecurity consulting and managed security services that allow organizations to rapidly solve real-life cybersecurity problems that could otherwise threaten the continuity of their business.

Why we are recruiting

We are hiring qualified personnel to provide specialized managed security services and/or personnel to our customers.

The Role:

We are on the lookout for a proficient Connected Product Penetration Tester to bolster our cybersecurity force, focusing specifically on the security robustness of Internet of Things (IoT) devices, associated mobile applications, and IoT backend infrastructures hosted across AWS and Azure clouds. The successful candidate will exhibit an in-depth understanding of cybersecurity principles with a particular emphasis on penetration testing, vulnerability assessments, and a comprehensive grasp of ETSI IoT security standards, alongside familiarity with OWASP guidelines. This role is instrumental in assuring the security and resilience of our connected products through thorough testing and evaluation processes.

About the Job:

As a Connected Product Penetration Tester, you will undertake exhaustive penetration tests across a variety of connected products, including but not limited to IoT devices, mobile apps, and their corresponding cloud backend infrastructures. Your responsibilities will include identifying vulnerabilities, evaluating associated risks, and furnishing detailed, actionable recommendations to bolster security measures. Collaboration with product development teams will be pivotal to embedding security best practices into the development lifecycle, ensuring adherence to pertinent security standards and protocols.

Operational Activities:

Execute penetration testing and vulnerability assessments focusing on IoT devices, mobile applications, and cloud infrastructures.

Craft and implement test plans, scenarios, scripts, and procedures tailored for connected products.

Meticulously document findings, compile assessment reports, and convey findings to both technical and non-technical stakeholders.

Engage with product development teams, providing insights into product architecture and championing security best practices.

Responsibilities:

Pinpoint and exploit vulnerabilities in connected products, aligning with ETSI IoT security standards and OWASP guidelines.

Conduct end-to-end security assessments of IoT devices, mobile apps, and cloud platforms (AWS, Azure), ensuring comprehensive security coverage.

Remain abreast of emerging security threats, tactics, and tools pertinent to IoT and connected products.

Partner with development teams to address vulnerabilities, enhancing the security footprint of products.

Promote secure coding practices, integrating security methodologies and tools within the product development lifecycle.

Education:

Bachelor's degree in Computer Science, Information Security, or related discipline.

Advanced degree or specialized training in cybersecurity, with a focus on penetration testing or IoT security, is highly favored.

Qualification and Skills:

Required experience: A minimum of 3-5 years in penetration testing or cybersecurity roles, with specific emphasis on IoT security and connected products.

Certifications: Relevant certifications such as OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), GWAPT (GIAC Web Application Penetration Tester), or equivalents.

Profound knowledge of ETSI IoT security standards, OWASP standards, and penetration testing methodologies for connected products.

Proficiency with penetration testing tools and frameworks (e.g., Metasploit, Burp Suite, Wireshark).

Demonstrable experience in assessing vulnerabilities within mobile applications (iOS, Android) and cloud platforms (AWS, Azure).

Exceptional analytical and problem-solving abilities, capable of adopting both attacker and defender perspectives.

Strong communication skills for effectively articulating technical risks and findings to diverse audiences.

This opportunity is designed for individuals passionate about advancing the security landscape of IoT and connected technologies. If you possess the requisite skills and are driven to uncover and mitigate vulnerabilities in complex systems, we invite you to apply.